[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Manuel Rüger]

commit:     6c72d8f17aad3d75f420f7a255beb78e63c39415
Author:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Mon Aug 31 19:24:39 2015 +0000
Commit:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Mon Aug 31 19:27:50 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6c72d8f1

www-servers/nginx: Version bump.

Gentoo-Bug: 558688

Package-Manager: portage-2.2.20.1

 www-servers/nginx/Manifest           |   2 +
 www-servers/nginx/nginx-1.9.4.ebuild | 686 +++++++++++++++++++++++++++++++++++
 2 files changed, 688 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 6884044..d5367c8 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -5,7 +5,9 @@ DIST nginx-1.7.6.tar.gz 817265 SHA256 08e2efc169c9f9d511ce53ea16f17d8478ab9b0f7a
 DIST nginx-1.8.0.tar.gz 832104 SHA256 23cca1239990c818d8f6da118320c4979aadf5386deda691b1b7c2c96b9df3d5 SHA512 3e5d7e1b01839b2638251c47046149450b9b65985e611ef55e5953846e9eb0128c3708c695540ad4dfd0ce5e3060dfecb51213403048fab1a99dd5cea94f0038 WHIRLPOOL e4619e0e0454b86d725a21abe9300ad33ad700c4d577b33f1762b5af796093abd3c7b6afed38301dd0b2a235d6ff47db189b24fd19a5cbc777398bc237ae8534
 DIST nginx-1.9.2.tar.gz 860233 SHA256 80b6425be14a005c8cb15115f3c775f4bc06bf798aa1affaee84ed9cf641ed78 SHA512 dc433fd0531a310de25dbf5303dbd904dc1f1ecfcb774707bf65f6f5f5ad83b6febc9938cabb0c68fefa4ddd80e121ac954411ed42f87254c95b5ca4daa9d7de WHIRLPOOL c99b9bf75afda286c99f206fa75ab12d83534a80659a3ebd13e1c766763d2aa8a34acedff307f4096c6d7e31693ca124f699482a99e22c1e8b91b7e356806ac3
 DIST nginx-1.9.3.tar.gz 864430 SHA256 4298c5341b2a262fdb8dbc0a1389756181af8f098c7720abfb30bd3060f673eb SHA512 923309de03c86815023f190bda0c3138f3b9e6dba76939e721273bca3ddb6abd06506afe0621dff4e936358e4d4570a8b4dca095b9246a8e13a22c465f31855b WHIRLPOOL 980feb6111c424d4c11ba632c9f602be2242a5976060e3915135feb2af118d3280b18985dc199c4e729a402d029fe17d6e60e7e1db45e0b83514cf211c8a4017
+DIST nginx-1.9.4.tar.gz 866423 SHA256 479b0c03747ee6b2d4a21046f89b06d178a2881ea80cfef160451325788f2ba8 SHA512 6616b971361ded7a316a5718dffb2476dac0c625afb047595fbca0e24ea84391d3e0df88bc8d6a40747411094f8453a85c331d8089e51eecd1ac152898bb350a WHIRLPOOL a3e6699b81fbf33b24ae605a0cd113a76eac9f572a05e7b982f4dca3ede573fe425cddd21b136255ca7d0db8201babb2780fe7ba971dc4d62a4bc8545ddc8c67
 DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
+DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb
 DIST ngx_devel_kit-0.2.19-r1.tar.gz 65029 SHA256 501f299abdb81b992a980bda182e5de5a4b2b3e275fbf72ee34dd7ae84c4b679 SHA512 915954acf16a27fbd3c93c154012d38e864f1d8dfd51cde401bba26e46eb3e3c778ec4c92f4f8ed83ac001e96cee72765554d0e4da06acf6a4be5184b23b3657 WHIRLPOOL 0ce6bffc0fe2cef28ee74f5862ca6d914ed18fdee18d900608ff2a9983594c707aab3e335957b79dd7e77ae1beed054d8f71965ca0f57fc5f1d41ac06106c5a4
 DIST ngx_http_ajp_module-0.3.0.tar.gz 108832 SHA256 7b3791275ef87dde153679fa459e84784da09b26d35426d61f5477903584b254 SHA512 0934ea3c7dce23e2c55ab5c9210562fcf7b38ef19dc9ca7b80daee3cd983bb5f69743d34a041d35e7089dd6f6aa73363014d0b5f04ce0a5c0d94b4b0bb2dacab WHIRLPOOL 2ebe0db7887f22fb915372ef637214a0a40d7a0b694479b7da066671bd7c64aa152c5a615f368916311f5879840e083fb7a14555d304aea5e059c079aaa9c809
 DIST ngx_http_auth_pam-1.3.tar.gz 6363 SHA256 199dff5d11fbb3b6ddf9c8a60cc141970125a3f8e7a06f245e3175e93ca947e3 SHA512 3c86f709397dfd3edbd98f729193cb7b61895777d02244f1cf255ba5e4cd8e7bcb5bf537bf3d1086a513e46f117fdcb7610d7085dead35f5d36f74b5b3864ef8 WHIRLPOOL fc5b42a6a1143e9d3845e1470caa7bd60cf8e5a01e0dd53925fbf76cba072add024d24e4f926d3d0b3e27eccf5faa839b05f2549144beac6ffc43614b7ca5b19

diff --git a/www-servers/nginx/nginx-1.9.4.ebuild b/www-servers/nginx/nginx-1.9.4.ebuild
new file mode 100644
index 0000000..73c2e3b
--- /dev/null
+++ b/www-servers/nginx/nginx-1.9.4.ebuild
@@ -0,0 +1,686 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.2.19"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.26"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.3.5"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.9.16"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.4"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.53-2"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.7"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.58"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.0"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
+
+# mogilefs-module (http://www.grid.net.ru/nginx/mogilefs.en.html, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="http://www.grid.net.ru/nginx/download/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.16"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
+geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi
+split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip gzip_static
+image_filter mp4 perl random_index realip secure_link spdy stub_status sub xslt"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_ajp
+	http_mogilefs
+	http_memc"
+
+IUSE="aio debug +http +http-cache ipv6 libatomic luajit +pcre pcre-jit rtmp
+selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+CDEPEND="
+	pcre? ( >=dev-libs/libpcre-4.2 )
+	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+	ssl? ( dev-libs/openssl:0= )
+	http-cache? ( userland_GNU? ( dev-libs/openssl:0= ) )
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+	nginx_modules_http_secure_link? ( userland_GNU? ( dev-libs/openssl:0= ) )
+	nginx_modules_http_spdy? ( >=dev-libs/openssl-1.0.1c:0= )
+	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_ajp; then
+		eerror "The AJP module currently doesn't build for nginx >1.8."
+		eerror "It will be reintroduced with the 1.9 series when proven stable."
+		eerror "Either disable it or stick with nginx 1.7.x."
+		die "AJP module not supported"
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	epatch_user
+
+	epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+
+	if use nginx_modules_http_upstream_check; then
+		epatch "${FILESDIR}/check-1.9.2".patch
+	fi
+
+	if use nginx_modules_http_lua; then
+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}"
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+		./configure \
+			--enable-standalone-module \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+	fi
+
+	cd "${S}"
+
+	local myconf=() http_enabled= mail_enabled=
+
+	use aio		  && myconf+=( --with-file-aio )
+	use debug	  && myconf+=( --with-debug )
+	use ipv6	  && myconf+=( --with-ipv6 )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre	  && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+		if use nginx_modules_http_memc ; then
+				http_enabled=1
+				myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+		fi
+
+	if use http || use http-cache; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN}" "--group=${PN} )
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r2 nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 /var/log/nginx ${keepdir_list}
+	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_lua && use nginx_modules_http_spdy; then
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua spdy\". For more info, see http://git.io/OldLsg"
+	fi
+
+	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+	# existing installations
+	local fix_perms=0
+
+	for rv in ${REPLACING_VERSIONS} ; do
+		version_compare ${rv} 1.4.1-r2
+		[[ $? -eq 1 ]] && fix_perms=1
+	done
+
+	if [[ $fix_perms -eq 1 ]] ; then
+		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+		ewarn "directories the world-readable bit removed (if set):"
+		ewarn "  ${EPREFIX}/var/log/nginx"
+		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+		ewarn "Check if this is correct for your setup before restarting nginx!"
+		ewarn "This is a one-time change and will not happen on subsequent updates."
+		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+	fi
+
+	# If the nginx user can't change into or read the dir, display a warning.
+	# If su is not available we display the warning nevertheless since we can't check properly
+	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+	if [ $? -ne 0 ] ; then
+		ewarn "Please make sure that the nginx user or group has at least"
+		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+		ewarn "Otherwise you end up with empty log files after a logrotate."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Manuel Rüger]

commit:     051d652ca697e5c634e9a14e7f596ecd797afdcf
Author:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Mon Aug 31 19:30:04 2015 +0000
Commit:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Mon Aug 31 19:30:04 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=051d652c

www-servers/nginx: Remove old

Package-Manager: portage-2.2.20.1

 www-servers/nginx/Manifest            |  13 -
 www-servers/nginx/nginx-1.7.12.ebuild | 683 ----------------------------------
 www-servers/nginx/nginx-1.7.6.ebuild  | 681 ---------------------------------
 3 files changed, 1377 deletions(-)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index d5367c8..1959e79 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,7 +1,4 @@
 DIST modsecurity-2.9.0.tar.gz 4246467 SHA256 e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434 SHA512 1af04f29bf23c51d03cdd3795c530f88b523a645aa02d776a6b23dcbc31decec7cd574919e5c7c7cf82684df2774062de5e465bddbbaf4c01a442c6d49401d3d WHIRLPOOL 1167ba6048a3ca05dcdabf03c67ae12720cca0cec74547fc223ee92ff76b6d5131785fa77b5f16da180e56590c851c192eaf02817b798e4d6f41fa6bfb2735a6
-DIST modsecurity-apache_2.8.0.tar.gz 3940435 SHA256 95de6ec30982e5bde7981929ba89be89488e9f237ee8c4236e064b074bbb6f28 SHA512 2620d9ee0c7e40e02b908af5be916d1588f2ba55b8718495b6a3654e868973c45e8f8e794bf28b4677eb8a2d96ba427ead6ae4b26e48014bcd2b2f02013ceeef WHIRLPOOL cd90488ca5a85292bae32685ce44bcb82f46d98194636ba68f47a860c648c6933766bd56a38143f7656725fb3bd359de17f1b5513447c6ee40dbad945559fe4d
-DIST nginx-1.7.12.tar.gz 831957 SHA256 22d1f0b6d064e125b01aeb2c6171682559d2488e1b102fc48ec564aa36e66897 SHA512 54dabbf56bdc7ffde69b0a010ab5dbee7237431f35ce81c78598b2205f8af88027521920d52f95f44dffbf872c409f10f0b8dbc9328e94e9e6c5e7d8a84b14d5 WHIRLPOOL baea92734046a997d3b0282e9bb7232c9d99ca0064685930113b1cc2d152c44698726747462a9c0b9afe776393efe9f609df8064a39028995632ef046db44b4f
-DIST nginx-1.7.6.tar.gz 817265 SHA256 08e2efc169c9f9d511ce53ea16f17d8478ab9b0f7a653f212c03c61c52101599 SHA512 ac551020608e0c5ced17519509419e25513ab7a134f5e705cc8dd3866f3164c63ab7e3da9485ba5431d976978f4a9c68c5348bd102f9cb989c16f2e0ba65892a WHIRLPOOL bb247b8215fe10c6ad12df1da5e6fd7dfcd9ff441ef0bc1ecb9047ba132735a79ba4c5f0487bf8d2aee44ed940573b70ddaf0b77499d29fd4de8d9700b0ec038
 DIST nginx-1.8.0.tar.gz 832104 SHA256 23cca1239990c818d8f6da118320c4979aadf5386deda691b1b7c2c96b9df3d5 SHA512 3e5d7e1b01839b2638251c47046149450b9b65985e611ef55e5953846e9eb0128c3708c695540ad4dfd0ce5e3060dfecb51213403048fab1a99dd5cea94f0038 WHIRLPOOL e4619e0e0454b86d725a21abe9300ad33ad700c4d577b33f1762b5af796093abd3c7b6afed38301dd0b2a235d6ff47db189b24fd19a5cbc777398bc237ae8534
 DIST nginx-1.9.2.tar.gz 860233 SHA256 80b6425be14a005c8cb15115f3c775f4bc06bf798aa1affaee84ed9cf641ed78 SHA512 dc433fd0531a310de25dbf5303dbd904dc1f1ecfcb774707bf65f6f5f5ad83b6febc9938cabb0c68fefa4ddd80e121ac954411ed42f87254c95b5ca4daa9d7de WHIRLPOOL c99b9bf75afda286c99f206fa75ab12d83534a80659a3ebd13e1c766763d2aa8a34acedff307f4096c6d7e31693ca124f699482a99e22c1e8b91b7e356806ac3
 DIST nginx-1.9.3.tar.gz 864430 SHA256 4298c5341b2a262fdb8dbc0a1389756181af8f098c7720abfb30bd3060f673eb SHA512 923309de03c86815023f190bda0c3138f3b9e6dba76939e721273bca3ddb6abd06506afe0621dff4e936358e4d4570a8b4dca095b9246a8e13a22c465f31855b WHIRLPOOL 980feb6111c424d4c11ba632c9f602be2242a5976060e3915135feb2af118d3280b18985dc199c4e729a402d029fe17d6e60e7e1db45e0b83514cf211c8a4017
@@ -9,32 +6,22 @@ DIST nginx-1.9.4.tar.gz 866423 SHA256 479b0c03747ee6b2d4a21046f89b06d178a2881ea8
 DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
 DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb
 DIST ngx_devel_kit-0.2.19-r1.tar.gz 65029 SHA256 501f299abdb81b992a980bda182e5de5a4b2b3e275fbf72ee34dd7ae84c4b679 SHA512 915954acf16a27fbd3c93c154012d38e864f1d8dfd51cde401bba26e46eb3e3c778ec4c92f4f8ed83ac001e96cee72765554d0e4da06acf6a4be5184b23b3657 WHIRLPOOL 0ce6bffc0fe2cef28ee74f5862ca6d914ed18fdee18d900608ff2a9983594c707aab3e335957b79dd7e77ae1beed054d8f71965ca0f57fc5f1d41ac06106c5a4
-DIST ngx_http_ajp_module-0.3.0.tar.gz 108832 SHA256 7b3791275ef87dde153679fa459e84784da09b26d35426d61f5477903584b254 SHA512 0934ea3c7dce23e2c55ab5c9210562fcf7b38ef19dc9ca7b80daee3cd983bb5f69743d34a041d35e7089dd6f6aa73363014d0b5f04ce0a5c0d94b4b0bb2dacab WHIRLPOOL 2ebe0db7887f22fb915372ef637214a0a40d7a0b694479b7da066671bd7c64aa152c5a615f368916311f5879840e083fb7a14555d304aea5e059c079aaa9c809
-DIST ngx_http_auth_pam-1.3.tar.gz 6363 SHA256 199dff5d11fbb3b6ddf9c8a60cc141970125a3f8e7a06f245e3175e93ca947e3 SHA512 3c86f709397dfd3edbd98f729193cb7b61895777d02244f1cf255ba5e4cd8e7bcb5bf537bf3d1086a513e46f117fdcb7610d7085dead35f5d36f74b5b3864ef8 WHIRLPOOL fc5b42a6a1143e9d3845e1470caa7bd60cf8e5a01e0dd53925fbf76cba072add024d24e4f926d3d0b3e27eccf5faa839b05f2549144beac6ffc43614b7ca5b19
 DIST ngx_http_auth_pam-1.4.tar.gz 6502 SHA256 095742c5bcb86f2431e215db785bdeb238d594f085a0ac00d16125876a157409 SHA512 8d60347c666736ef39161b287ad32820ad6be4695f1c0f27a000d46bfc7e26c95233247d39cf37296518a6329ba73f06756d0b0b68157b0e5f67796f73264db3 WHIRLPOOL 2f0e60366cf43727c9b3aa07d2cb803a997cb9a4f48ba28e575f470bbb7c28115f41d390e306219ad130501a62e204d403bbca5ee784628fbca35b407f51702c
-DIST ngx_http_cache_purge-2.1.tar.gz 10535 SHA256 424005af0c04e59ffa65a65e446081d4f95ee76a801a7555e001c67810bcb3b9 SHA512 1b70b2c35601949edd53d55922e81425aef0b2c486b071c2bcf53db7c5278e55966ffd2c9e32f599ee63e147a395e708d442515fe414f39b323d26722324db8b WHIRLPOOL f020841139988ae516969ffcd5bf7b2c264749fef5c20a5c8f0cca70f5eddcd3efcb3676bbe9a4550535de7b53fcd7326294fcae2a14dc6bf66d1ab77205b83f
 DIST ngx_http_cache_purge-2.3.tar.gz 12248 SHA256 279e0d8a46d3b1521fd43b3f78bc1c08b263899142a7cc5058c1c0361a92c89c SHA512 50a31dbf2216a6fae74a186af56dec4600cf55777e76a10ac0075f609e7737135aab063a64f2590dddcd0369ebebd4a523027f3d9ebcca74f7b4355be1c5dcc0 WHIRLPOOL 5451ef3e33044210453995ea916acec679599c0ded5471d464db5003a07e7a06e9690812091148c2af7b50384e52b32e49136eac02e0330724ba2408d893f96c
 DIST ngx_http_dav_ext-0.0.3.tar.gz 6260 SHA256 d428a0236c933779cb40ac8c91afb19d5c25a376dc3caab825bfd543e1ee530d SHA512 4763b1c5e417248d80acfacf20bfc5ba3e06675ff08e37703867daef99a400980b536941e4955c259432905bd11ab998bc2e2489a50350413c7bf37e18eafb74 WHIRLPOOL 5adbcea768fbb179249a03fe69304505ec09a1dafac848dd5e3cde96693c6fbcf6cf6c128ca116d02b36c1be0008807d9e86fee5b411e137b18b15a60291f29b
-DIST ngx_http_echo-0.56.tar.gz 65109 SHA256 99027e63f5e625f28fedd163b9d18f29382ea55f079a9b7a2f16beed6a1d3ddf SHA512 4f6e87878564dddfa0e1d62414a7bbcf0726a01b7b53bc0b4be891658c39b85125fab4bb68ba7293d44c66c3ce5b967f289cf83628b2d78e9f3c01f5bcc37b75 WHIRLPOOL b5677d8133a0ad4c395479cfc29bc0b2cfb9362b55e4b27f20683beeace4830e6a0764a140a8f7dc518406769cda0f7a15cb340b2442a9c500a8e7c00fa0279a
 DIST ngx_http_echo-0.57.tar.gz 65073 SHA256 8467237ca0fae74ca7a32fbd34fc6044df307098415d48068214c9c235695a07 SHA512 c89780eca9267c9984a022a4dbd9ebf603dbd5c323bfea5ea7898ca9fc0a744388ce7520e7a9799aeabd6573f8e71ee595fe9998fa54e5d5c412b21031edd31d WHIRLPOOL e481b6f57a6ff48706fa7e281f31f15a5522c29b98620559cebe8412207d5595497cdce9156e7762cceff6369e9f678d5a81bf3c83fb2e8c5d8786622f1c27b8
 DIST ngx_http_echo-0.58.tar.gz 64779 SHA256 190fe3977dd1910e82059f30f9baae3da2ee6e6fb50f18c9bc2605a19dbb9626 SHA512 03bca117b2a7f9fa78450d24b2a25fcf19528a37d842dbd740e9ccf0f3ad6652d9927757f1317441438ec1e474211e2b4c84829015a51c5e25ca9f2dbd3809a0 WHIRLPOOL 0c3623f881cd127d1f3450f6e46456d98501d9d21f5292ec6bae877fa3020adbaae2dbb83f105c8c7eb0273fedd927753238d2399385721167680200c8b51a15
-DIST ngx_http_fancyindex-0.3.4.tar.gz 14275 SHA256 d7a84e66b3b3571e6a7e2531d00767f4354f85ce2f281d532ace2bcc35035f8b SHA512 a8a78f83f34c910e0959b04f45ba897f0c84f2a3f36d1c36cd32a8e2a5d9e53f2d0f30cf6a99ffd76edc6179cb70561984745943ec05cca10bdda7ed29c8bfe4 WHIRLPOOL eaafe4a95eed6f43efed354978040c0856ca5819ed0b141637aee0b1c0aafcf2cc205b130f0ca4de39b224dbfb7083c158a4388768fa2515890e227a43245474
 DIST ngx_http_fancyindex-0.3.5.tar.gz 14837 SHA256 e0998e83be58bc5787fa9243a76a9d21de3cd01088d3cf63177ba88a562634a1 SHA512 ddb4ab3e8e47e1c49680db3e9f648f7cd582c07f963204105118e61432fa1e80c3f1bce69ed689db383011a9c155184bcc7e931eeae20bbd7cbdb5d4eb35a0a8 WHIRLPOOL a45db854d75f05a59c6f5e67c652850b5410162e7852abda20bb6720d29cc716f25ce7ea93ef52f9ff3f11d6d3a744c1fa4c7a6270fc1bd6d42f6743accb8e73
-DIST ngx_http_headers_more-0.25-r1.tar.gz 27973 SHA256 1473f96f59dcec9d83ce65d691559993c1f80da8c0a4c0c0a30dae9f969eeabf SHA512 1a03e72ac5847b0eeada0ba1e5d5872399dd636db6aa54d10c9e53d96f4b5be4c785bf9117991d27ed558532fe9ce95d6f6c63f94f5b83350f5ea14a60c03aaf WHIRLPOOL 03a7e21814a05644bd1a459bc7b0b26dee0d4ec6ae81f4677f631fa1e4c52c679b651341d673319c6469adcf0ad8e29db58065f542e5907729a609edb6e633f4
 DIST ngx_http_headers_more-0.26.tar.gz 28028 SHA256 d6bdc51f9e778a3b23e41a51cae542c1467a1e5e55c1329a7ffc454be084fb6f SHA512 842927de67d28f3cff596607f209d1004b6d49f1d45b861758405ed6fe6f7aab76ad63530ccdfff1c1947db1190dd65dee0a29f50026bfa7a39a9a051561cf88 WHIRLPOOL 0dc37c36717be40a07112388d913d20bc99d76f90604da618d5547f24d93c636c14c2cca18191ff5916b40ec0113da648cfc07e1c00b1853f2b15ce056d5f3d7
-DIST ngx_http_lua-0.9.12.tar.gz 512403 SHA256 e85c1924ca4670d5708b58efcd6e77793c43f243317a9850a112964067f63150 SHA512 c08546c074570408f646fc7ee60e60d732763a91f10b652858d95de070bd0dd4f0d4117114fc4b46d0f32cff88b21db5f394c3fbb2d2e5f1494fc01eedb782e4 WHIRLPOOL 2223bacff56b4ef942372e4eac3b1a02f21952804b0df6c626456ac2b6894ea068b704606f8a25c47de7887e97577a771fca6ce31d7288992f6f28eb0be27022
 DIST ngx_http_lua-0.9.15.tar.gz 520190 SHA256 659fe4c201f4a4ae1007fa029cef472aaa837bf0904babb6158f83b86536c5b7 SHA512 1d809f873ced8e50422298bb4b730b8e7aaf442c11570cbe892fd73a414ff4f6d6eca7be8b2d2dbf57a136136b17d80596ee2f2f195dcb59776e78df5a94ae92 WHIRLPOOL caf128254f99d674eb370779c6e41c0b459be1c5a2baac7df1ff3498a38349bd2c140594eea3eb29c468a366e265421f90363886be73db0b3484cc6f386cb563
 DIST ngx_http_lua-0.9.16.tar.gz 523900 SHA256 a3cda55b8cba5bc6632aa270b8a02d543fdb43f4d60a3bd2cb411c2a3b467656 SHA512 01be7dca10c1c1f25d2b8e65c9944662d5ba0235ecccba1143f7c30dcb76fad847a4a2fa7a34055906a33d50ecf8fb463aac9f76581390035a88e48c9b9f5319 WHIRLPOOL 6f8c04f8d284d1fdcf69471a4590ad0381335ae64e6f0bc5b3ec4a13c8e7254d2363cbf23304f559997d7e5695832390bc187e18ee57b9c72c39c8ed5a98b7e0
 DIST ngx_http_naxsi-0.53-2.tar.gz 165690 SHA256 3eadff1d91995beae41b92733ade28091c2075a24ae37058f4d6aa90b0f4b660 SHA512 ada592f5e7f80a6d549cc435ee8720df01a788dc88cf27a7d55521bb7e4c66fa11b9ec28216aff7e13c70a5faf12cb745bd398b8a782ed4dea1eecd04b07e24c WHIRLPOOL c5b736dbe9bd66daf7e023f176a08f78225b61990781d7ad5a55d0f35391df7e05bf1b2623a6227e0355cf0204ef9eac1b9fa03aa62b3c0d6eac515f1213f270
-DIST ngx_http_push_stream-0.4.0.tar.gz 165341 SHA256 4662cb5680e8dada55ada47b91ef563dd0322f94d775bf1c09e90d83d12c33a6 SHA512 45e68b75f6156df73b2c45d68a9b471560459eb608203b554ecbfcbef6923e4710c92aaefb6a7f8c1d90c7dbf31f4fcc59802d0e8f5c29418be52acad0073c02 WHIRLPOOL 15f2bfa1f9b56005559b8122ce047166e48f0428677401df0b41bcbb52daa6f176c4527b02e145aec9cd3d2fa48c12bb17bc0fce2d04bd7c223b4c5ca91253a0
 DIST ngx_http_push_stream-0.4.1.tar.gz 166928 SHA256 553584f557a3faec73702550e7e1417cbc0021f4f98468cc83e61e9d94def5cc SHA512 3b2289cc3abe6df0ee39360816675a39de1669a284e23770aa04b29e1e5dc73f5d99f3db6c7e8e4895a4abad0602aa64024ec19a2e741e138a70191501f038be WHIRLPOOL 9d203d4a78a3bd189527ebeaf1ff98613ee6a3150ae433efa17ed45dd9f6cb263b2a4c329a6fc2d04c6583ac2beaf24e87e3263d71a910f720b80038c9bc09c2
 DIST ngx_http_push_stream-0.5.1.tar.gz 175263 SHA256 a95f31e80120fd7324795b92a0d94c0b43e1265df7fd0f1eba11a337c1e0a626 SHA512 b996c6fe48b97540d1ee9879f37aca1a4c8262ad7577d607d402a00d79f5d32676f010da303f89db18e6f90351b8bb5cf0265338cc5df8154e94d5f332a227c8 WHIRLPOOL aacf93841af0384b2be1d4075ceb23e67b89a4cac0a06fe40e2efd5f0334309ccc83e29014c9746dda9e6b59df0866f0a796c0a9dc9d14e2625a11c019c8e79d
 DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 SHA256 1e81453942e5b0877de1f1f06c56ae82918ea9818255cb935bcb673c95a758a1 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d WHIRLPOOL a02ed77422c47d9e476f8746186d19d632ddb953635d8d9dd51ff076225a78044286ee7e114478bc02e4b2a422e4fdc207154fc287629dd2cd7c3f9a634dad18
 DIST ngx_http_upload_progress-0.9.1-r1.tar.gz 17166 SHA256 99ec072cca35cd7791e77c40a8ded41a7a8c1111e057be26e55fba2fdf105f43 SHA512 6c1e3776402b6e2cda50d9c48c4b578a85feffe15891c075443f6d9c7b9e2414e0614b50a8f417ddda9faf5f719957c77ade519c88b48caec970fc51fe12f0d1 WHIRLPOOL 12970d0f75ee3f0d8a97c4948b97fca2bd707a93e4e578c0e2ac0d18991986e620dd6b15c2ab5680ff726c0490671e3bc5e1ee6109baf81877d8baa6a5357825
-DIST ngx_http_upstream_check-0.1.9.tar.gz 116307 SHA256 b3bb240fb236ba9ae3e807de0f69aa0804d100496c1063a523b29a184e438562 SHA512 b50c15aa311e38101d9b4f6178684a43abcfa66d0483dbf62b3dc5b595d85f59b52a4f564a5f35c54966042074598fef0fc59635ea38c064ec0e8921d9c3229d WHIRLPOOL f878e4833d445a75076455aba34f85a23c0377d922d9ff3d542f887379730e127e969fe3108cd476279d7ff1aa396f686e9e7b8594fb38eb2ea36d3d928602e6
 DIST ngx_http_upstream_check-0.3.0.tar.gz 136542 SHA256 c543bf427b38643c10dcd1a0c701392bc666708313e7b63f9272396a6cc9a461 SHA512 ca19e8bcae218c639ff59e8f743bd2fb78de2c1f33dfb0de7b7b5ce82ae7ef04488255715e3e0311ebbc8c9741726573ac532cb269052925b0935f349414e959 WHIRLPOOL acee2ea955f87844a724815fc78d0296f23e9d6726551febd6bbff563625e8eadd04213394b6029c45b6036138c4f8957b2621f1b033a6177410fa7778176749
 DIST ngx_memc_module-0.16.tar.gz 38560 SHA256 24f3c3270831aed2d157c01ef74cb26eab26b832971fe7b9f42a03dbfac10ce4 SHA512 e48a864ac9ae627e840b189f33157aa3a1c0966d2bcffd1f93030b0e6f5962355c004737cae0a5a00f2a1cbcb201369c37053f0823bb601618d18ef87561e353 WHIRLPOOL c53decff852790758b3b92ca1d207a5b99b592e708271411699d70dd9683d7f551b469e057f480f66adfdffa1cb1b91b9c7e031835311ac0b6bfab0f444852f9
 DIST ngx_metrics-0.1.1.tar.gz 2964 SHA256 1c62ebb31e3caafad91720962770b0e7a4287f195520cf12471c262ac19b154e SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e WHIRLPOOL 2796f5a97e76dfcc91133240e8e90ba493f0356f781a173d8cacdd09eba64b75ef531db398c0566fda395124700de8c991b771433e376ca0d5898c2ea6f82868
 DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 SHA256 7ac230d30907f013dff8d435a118619ea6168aa3714dba62c6962d350c6295ae SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1 WHIRLPOOL 64c9b11ad938e6dbe5ba31298f1cd46f6e6bb4ba039c96b1e43bd85919d1606326f74b677f789ecabe0b0f4e0f08ac5aaf8148bf820de65aaa1e9966a28b9f61
-DIST ngx_rtmp-1.1.6.tar.gz 519666 SHA256 4039d1e7febd93188f729b594772d04d8a1137b2e90b12fa53bb061f200add87 SHA512 6db0cc5a3cff600a836483f9cc4ff76860e9c893167561ad818cb41e2eb4fa31af8a4213e42c7c5766e389aed0ad713cffe776aa4bc4ebf279dd63eb65d4162c WHIRLPOOL f23860df6df0de87aa7d65f2411ea7104e635e5b13987853599a06c064b93229c8a900dca84b983e0dcabac96c8918889932cd303836a3cab4ac7c6d7c2a0b10
 DIST ngx_rtmp-1.1.7.tar.gz 519735 SHA256 7922b0e3d5f3d9c4b275e4908cfb8f5fb1bfb3ac2df77f4c262cda56df21aab3 SHA512 9883462a04683f1e7af175da04b86d259ff6d677864667588fb073143f7130969eb2a5a5a48ddceda7a555b908580f179bdcacb7f0111413d51db5bfe43b396e WHIRLPOOL e9c1fc9c3c965ae7047657f76e0997d5da107aff7dd9e5cf3ddb5a2d8f388efd8439b82923e199dc36def449567b8529e06c80f69c36f42128236ac0be5719d5

diff --git a/www-servers/nginx/nginx-1.7.12.ebuild b/www-servers/nginx/nginx-1.7.12.ebuild
deleted file mode 100644
index 19f51b6..0000000
--- a/www-servers/nginx/nginx-1.7.12.ebuild
+++ /dev/null
@@ -1,683 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#   * alive upstream
-#   * sane packaging
-#   * builds cleanly
-#   * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.26"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.5"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.9.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.4"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.53-2"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.57"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.0"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.4.1"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.5"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-bd312d586752"
-
-# ajp-module (https://github.com/yaoweibin/nginx_ajp_module, BSD-2)
-HTTP_AJP_MODULE_PV="0.3.0"
-HTTP_AJP_MODULE_P="ngx_http_ajp_module-${HTTP_AJP_MODULE_PV}"
-HTTP_AJP_MODULE_URI="https://github.com/yaoweibin/nginx_ajp_module/archive/v${HTTP_AJP_MODULE_PV}.tar.gz"
-HTTP_AJP_MODULE_WD="${WORKDIR}/nginx_ajp_module-${HTTP_AJP_MODULE_PV}"
-
-# mogilefs-module (http://www.grid.net.ru/nginx/mogilefs.en.html, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="http://www.grid.net.ru/nginx/download/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_ajp? ( ${HTTP_AJP_MODULE_URI} -> ${HTTP_AJP_MODULE_P}.tar.gz )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
-geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi
-split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip gzip_static
-image_filter mp4 perl random_index realip secure_link spdy stub_status sub xslt"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_ajp
-	http_mogilefs"
-
-IUSE="aio debug +http +http-cache ipv6 libatomic luajit +pcre pcre-jit rtmp
-selinux ssl userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-CDEPEND="
-	pcre? ( >=dev-libs/libpcre-4.2 )
-	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
-	ssl? ( dev-libs/openssl:0= )
-	http-cache? ( userland_GNU? ( dev-libs/openssl:0= ) )
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
-	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
-	nginx_modules_http_secure_link? ( userland_GNU? ( dev-libs/openssl:0= ) )
-	nginx_modules_http_spdy? ( >=dev-libs/openssl-1.0.1c:0= )
-	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-"
-DEPEND="${CDEPEND}
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-}
-
-src_prepare() {
-	epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
-	if use nginx_modules_http_upstream_check; then
-		epatch "${FILESDIR}"/check_1.7.2+.patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	if use nginx_modules_http_ajp; then
-		pushd "${HTTP_AJP_MODULE_WD}" > /dev/null
-		epatch "${FILESDIR}"/AJP-nginx-1.7.9+.patch
-		popd > /dev/null
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	epatch_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}"
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-		./configure \
-			--enable-standalone-module \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-	fi
-
-	cd "${S}"
-
-	local myconf= http_enabled= mail_enabled=
-
-	use aio       && myconf+=" --with-file-aio --with-aio_module"
-	use debug     && myconf+=" --with-debug"
-	use ipv6      && myconf+=" --with-ipv6"
-	use libatomic && myconf+=" --with-libatomic"
-	use pcre      && myconf+=" --with-pcre"
-	use pcre-jit  && myconf+=" --with-pcre-jit"
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=" --without-http_${mod}_module"
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=" --with-http_${mod}_module"
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=" --with-http_realip_module"
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_HEADERS_MORE_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_CACHE_PURGE_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_FANCYINDEX_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=" --add-module=${DEVEL_KIT_MODULE_WD}"
-		myconf+=" --add-module=${HTTP_LUA_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_AUTH_PAM_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_METRICS_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_NAXSI_MODULE_WD}"
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=" --add-module=${RTMP_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_DAV_EXT_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_ECHO_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity"
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_PUSH_STREAM_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_STICKY_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_ajp ; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_AJP_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_MOGILEFS_MODULE_WD}"
-	fi
-
-	if use http || use http-cache; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=" --without-http-cache"
-		use ssl && myconf+=" --with-http_ssl_module"
-	else
-		myconf+=" --without-http --without-http-cache"
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=" --without-mail_${mod}_module"
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=" --with-mail"
-		use ssl && myconf+=" --with-mail_ssl_module"
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=" --add-module=${mod}"
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=" --user=${PN} --group=${PN}"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		${myconf} || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r2 nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 /var/log/nginx ${keepdir_list}
-	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-# README.md is still empty
-#	if use nginx_modules_http_metrics; then
-#		docinto ${HTTP_METRICS_MODULE_P}
-#		dodoc "${HTTP_METRICS_MODULE_WD}"/README.md
-#	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_ajp; then
-		docinto ${HTTP_AJP_MODULE_P}
-		dodoc "${HTTP_AJP_MODULE_WD}"/README
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_lua && use nginx_modules_http_spdy; then
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua spdy\". For more info, see http://git.io/OldLsg"
-	fi
-
-	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
-	# existing installations
-	local fix_perms=0
-
-	for rv in ${REPLACING_VERSIONS} ; do
-		version_compare ${rv} 1.4.1-r2
-		[[ $? -eq 1 ]] && fix_perms=1
-	done
-
-	if [[ $fix_perms -eq 1 ]] ; then
-		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
-		ewarn "directories the world-readable bit removed (if set):"
-		ewarn "  ${EPREFIX}/var/log/nginx"
-		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-		ewarn "Check if this is correct for your setup before restarting nginx!"
-		ewarn "This is a one-time change and will not happen on subsequent updates."
-		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
-		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
-	fi
-
-	# If the nginx user can't change into or read the dir, display a warning.
-	# If su is not available we display the warning nevertheless since we can't check properly
-	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
-	if [ $? -ne 0 ] ; then
-		ewarn "Please make sure that the nginx user or group has at least"
-		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
-		ewarn "Otherwise you end up with empty log files after a logrotate."
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.7.6.ebuild b/www-servers/nginx/nginx-1.7.6.ebuild
deleted file mode 100644
index 9829452..0000000
--- a/www-servers/nginx/nginx-1.7.6.ebuild
+++ /dev/null
@@ -1,681 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#   * alive upstream
-#   * sane packaging
-#   * builds cleanly
-#   * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.25"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}-r1"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.1"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.4"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/chaoslawful/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.9.12"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/chaoslawful/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.3"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="http://web.iti.upv.es/~sto/nginx/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}.tgz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.1.9"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.53-2"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.6"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.56"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.8.0"
-HTTP_SECURITY_MODULE_P="modsecurity-apache_${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.4.0"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.5"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-bd312d586752"
-
-# ajp-module (https://github.com/yaoweibin/nginx_ajp_module, BSD-2)
-HTTP_AJP_MODULE_PV="0.3.0"
-HTTP_AJP_MODULE_P="ngx_http_ajp_module-${HTTP_AJP_MODULE_PV}"
-HTTP_AJP_MODULE_URI="https://github.com/yaoweibin/nginx_ajp_module/archive/v${HTTP_AJP_MODULE_PV}.tar.gz"
-HTTP_AJP_MODULE_WD="${WORKDIR}/nginx_ajp_module-${HTTP_AJP_MODULE_PV}"
-
-# mogilefs-module (http://www.grid.net.ru/nginx/mogilefs.en.html, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="http://www.grid.net.ru/nginx/download/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_ajp? ( ${HTTP_AJP_MODULE_URI} -> ${HTTP_AJP_MODULE_P}.tar.gz )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="amd64 ~arm ~ppc x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
-geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi
-split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip gzip_static
-image_filter mp4 perl random_index realip secure_link spdy stub_status sub xslt"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_ajp
-	http_mogilefs"
-
-IUSE="aio debug +http +http-cache ipv6 libatomic luajit +pcre pcre-jit rtmp
-selinux ssl userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-CDEPEND="
-	pcre? ( >=dev-libs/libpcre-4.2 )
-	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
-	ssl? ( dev-libs/openssl:0= )
-	http-cache? ( userland_GNU? ( dev-libs/openssl:0= ) )
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
-	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
-	nginx_modules_http_secure_link? ( userland_GNU? ( dev-libs/openssl:0= ) )
-	nginx_modules_http_spdy? ( >=dev-libs/openssl-1.0.1c:0= )
-	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-"
-DEPEND="${CDEPEND}
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-}
-
-src_prepare() {
-	epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
-	if use nginx_modules_http_upstream_check; then
-		epatch "${FILESDIR}"/check_1.7.2+.patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config"
-		# fix for nginx 1.7.5
-		cd "${HTTP_LUA_MODULE_WD}"
-		epatch "${FILESDIR}/lua-${P}.patch"
-		cd "${S}"
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	epatch_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}"
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-		./configure \
-			--enable-standalone-module \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-	fi
-
-	cd "${S}"
-
-	local myconf= http_enabled= mail_enabled=
-
-	use aio       && myconf+=" --with-file-aio --with-aio_module"
-	use debug     && myconf+=" --with-debug"
-	use ipv6      && myconf+=" --with-ipv6"
-	use libatomic && myconf+=" --with-libatomic"
-	use pcre      && myconf+=" --with-pcre"
-	use pcre-jit  && myconf+=" --with-pcre-jit"
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=" --without-http_${mod}_module"
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=" --with-http_${mod}_module"
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=" --with-http_realip_module"
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_HEADERS_MORE_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_CACHE_PURGE_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_FANCYINDEX_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=" --add-module=${DEVEL_KIT_MODULE_WD}"
-		myconf+=" --add-module=${HTTP_LUA_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_AUTH_PAM_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_METRICS_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_NAXSI_MODULE_WD}"
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=" --add-module=${RTMP_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_DAV_EXT_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_ECHO_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity"
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_PUSH_STREAM_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_STICKY_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_ajp ; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_AJP_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_MOGILEFS_MODULE_WD}"
-	fi
-
-	if use http || use http-cache; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=" --without-http-cache"
-		use ssl && myconf+=" --with-http_ssl_module"
-	else
-		myconf+=" --without-http --without-http-cache"
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=" --without-mail_${mod}_module"
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=" --with-mail"
-		use ssl && myconf+=" --with-mail_ssl_module"
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=" --add-module=${mod}"
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=" --user=${PN} --group=${PN}"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}/${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}/${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}/${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}/${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}/${NGINX_HOME_TMP}"/uwsgi \
-		${myconf} || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D}" install
-
-	cp "${FILESDIR}"/nginx.conf "${ED}"/etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r2 nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"/usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 /var/log/nginx ${keepdir_list}
-	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/
-		einstall DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-# README.md is still empty
-#	if use nginx_modules_http_metrics; then
-#		docinto ${HTTP_METRICS_MODULE_P}
-#		dodoc "${HTTP_METRICS_MODULE_WD}"/README.md
-#	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_ajp; then
-		docinto ${HTTP_AJP_MODULE_P}
-		dodoc "${HTTP_AJP_MODULE_WD}"/README
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_lua && use nginx_modules_http_spdy; then
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua spdy\". For more info, see http://git.io/OldLsg"
-	fi
-
-	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
-	# existing installations
-	local fix_perms=0
-
-	for rv in ${REPLACING_VERSIONS} ; do
-		version_compare ${rv} 1.4.1-r2
-		[[ $? -eq 1 ]] && fix_perms=1
-	done
-
-	if [[ $fix_perms -eq 1 ]] ; then
-		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
-		ewarn "directories the world-readable bit removed (if set):"
-		ewarn "  ${EPREFIX}/var/log/nginx"
-		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-		ewarn "Check if this is correct for your setup before restarting nginx!"
-		ewarn "This is a one-time change and will not happen on subsequent updates."
-		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
-		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}/${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
-	fi
-
-	# If the nginx user can't change into or read the dir, display a warning.
-	# If su is not available we display the warning nevertheless since we can't check properly
-	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
-	if [ $? -ne 0 ] ; then
-		ewarn "Please make sure that the nginx user or group has at least"
-		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
-		ewarn "Otherwise you end up with empty log files after a logrotate."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Manuel Rüger]

commit:     2172df82f3653863fea6d7e05bf5d3b8aa863c0f
Author:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Thu Oct 15 22:07:40 2015 +0000
Commit:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Thu Oct 15 22:07:40 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2172df82

www-servers/nginx: Version bump

Package-Manager: portage-2.2.23

 www-servers/nginx/Manifest           |   3 +
 www-servers/nginx/metadata.xml       |   1 +
 www-servers/nginx/nginx-1.9.5.ebuild | 695 +++++++++++++++++++++++++++++++++++
 3 files changed, 699 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 1959e79..5df8315 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -3,6 +3,7 @@ DIST nginx-1.8.0.tar.gz 832104 SHA256 23cca1239990c818d8f6da118320c4979aadf5386d
 DIST nginx-1.9.2.tar.gz 860233 SHA256 80b6425be14a005c8cb15115f3c775f4bc06bf798aa1affaee84ed9cf641ed78 SHA512 dc433fd0531a310de25dbf5303dbd904dc1f1ecfcb774707bf65f6f5f5ad83b6febc9938cabb0c68fefa4ddd80e121ac954411ed42f87254c95b5ca4daa9d7de WHIRLPOOL c99b9bf75afda286c99f206fa75ab12d83534a80659a3ebd13e1c766763d2aa8a34acedff307f4096c6d7e31693ca124f699482a99e22c1e8b91b7e356806ac3
 DIST nginx-1.9.3.tar.gz 864430 SHA256 4298c5341b2a262fdb8dbc0a1389756181af8f098c7720abfb30bd3060f673eb SHA512 923309de03c86815023f190bda0c3138f3b9e6dba76939e721273bca3ddb6abd06506afe0621dff4e936358e4d4570a8b4dca095b9246a8e13a22c465f31855b WHIRLPOOL 980feb6111c424d4c11ba632c9f602be2242a5976060e3915135feb2af118d3280b18985dc199c4e729a402d029fe17d6e60e7e1db45e0b83514cf211c8a4017
 DIST nginx-1.9.4.tar.gz 866423 SHA256 479b0c03747ee6b2d4a21046f89b06d178a2881ea80cfef160451325788f2ba8 SHA512 6616b971361ded7a316a5718dffb2476dac0c625afb047595fbca0e24ea84391d3e0df88bc8d6a40747411094f8453a85c331d8089e51eecd1ac152898bb350a WHIRLPOOL a3e6699b81fbf33b24ae605a0cd113a76eac9f572a05e7b982f4dca3ede573fe425cddd21b136255ca7d0db8201babb2780fe7ba971dc4d62a4bc8545ddc8c67
+DIST nginx-1.9.5.tar.gz 884023 SHA256 48e2787a6b245277e37cb7c5a31b1549a0bbacf288aa4731baacf9eaacdb481b SHA512 a3f12ca919b9750141c323d58e5be32d1f6ed086c6ecf45c559baa911606cbae1bb3b2eafd84f67294b6b23366ef5be7d24edc1dae7b3fa5b3aff5ecbaefb31d WHIRLPOOL b1c6bb6062423f70904483041855caaf42e79edc1ba14e32d240bc541236afd4a8c287e23147ffa04136171c2bd37b5b77ee7ec872ee35fb8bce1ac6f4d0b866
 DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
 DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb
 DIST ngx_devel_kit-0.2.19-r1.tar.gz 65029 SHA256 501f299abdb81b992a980bda182e5de5a4b2b3e275fbf72ee34dd7ae84c4b679 SHA512 915954acf16a27fbd3c93c154012d38e864f1d8dfd51cde401bba26e46eb3e3c778ec4c92f4f8ed83ac001e96cee72765554d0e4da06acf6a4be5184b23b3657 WHIRLPOOL 0ce6bffc0fe2cef28ee74f5862ca6d914ed18fdee18d900608ff2a9983594c707aab3e335957b79dd7e77ae1beed054d8f71965ca0f57fc5f1d41ac06106c5a4
@@ -13,9 +14,11 @@ DIST ngx_http_echo-0.57.tar.gz 65073 SHA256 8467237ca0fae74ca7a32fbd34fc6044df30
 DIST ngx_http_echo-0.58.tar.gz 64779 SHA256 190fe3977dd1910e82059f30f9baae3da2ee6e6fb50f18c9bc2605a19dbb9626 SHA512 03bca117b2a7f9fa78450d24b2a25fcf19528a37d842dbd740e9ccf0f3ad6652d9927757f1317441438ec1e474211e2b4c84829015a51c5e25ca9f2dbd3809a0 WHIRLPOOL 0c3623f881cd127d1f3450f6e46456d98501d9d21f5292ec6bae877fa3020adbaae2dbb83f105c8c7eb0273fedd927753238d2399385721167680200c8b51a15
 DIST ngx_http_fancyindex-0.3.5.tar.gz 14837 SHA256 e0998e83be58bc5787fa9243a76a9d21de3cd01088d3cf63177ba88a562634a1 SHA512 ddb4ab3e8e47e1c49680db3e9f648f7cd582c07f963204105118e61432fa1e80c3f1bce69ed689db383011a9c155184bcc7e931eeae20bbd7cbdb5d4eb35a0a8 WHIRLPOOL a45db854d75f05a59c6f5e67c652850b5410162e7852abda20bb6720d29cc716f25ce7ea93ef52f9ff3f11d6d3a744c1fa4c7a6270fc1bd6d42f6743accb8e73
 DIST ngx_http_headers_more-0.26.tar.gz 28028 SHA256 d6bdc51f9e778a3b23e41a51cae542c1467a1e5e55c1329a7ffc454be084fb6f SHA512 842927de67d28f3cff596607f209d1004b6d49f1d45b861758405ed6fe6f7aab76ad63530ccdfff1c1947db1190dd65dee0a29f50026bfa7a39a9a051561cf88 WHIRLPOOL 0dc37c36717be40a07112388d913d20bc99d76f90604da618d5547f24d93c636c14c2cca18191ff5916b40ec0113da648cfc07e1c00b1853f2b15ce056d5f3d7
+DIST ngx_http_headers_more-0.261.tar.gz 28022 SHA256 03d1f5fbecba8565f247d87a38f5e4b6440b0a56d752bdd2b29af2f1c4aea480 SHA512 252b5adc86f114460a956b38cca448917124523730e95ffc822a953232da9835e5ee663c65077413d655a8887ac692872b5de115e3cf4123463df7a84f759c3f WHIRLPOOL d97828ac45a1641210544a8b3ee21d86a8c2160fa665352992822b9a4cd7b8b48f9816afc124007e73467237a53615bff23a5cfbfad48bd04fefb9843335f1ee
 DIST ngx_http_lua-0.9.15.tar.gz 520190 SHA256 659fe4c201f4a4ae1007fa029cef472aaa837bf0904babb6158f83b86536c5b7 SHA512 1d809f873ced8e50422298bb4b730b8e7aaf442c11570cbe892fd73a414ff4f6d6eca7be8b2d2dbf57a136136b17d80596ee2f2f195dcb59776e78df5a94ae92 WHIRLPOOL caf128254f99d674eb370779c6e41c0b459be1c5a2baac7df1ff3498a38349bd2c140594eea3eb29c468a366e265421f90363886be73db0b3484cc6f386cb563
 DIST ngx_http_lua-0.9.16.tar.gz 523900 SHA256 a3cda55b8cba5bc6632aa270b8a02d543fdb43f4d60a3bd2cb411c2a3b467656 SHA512 01be7dca10c1c1f25d2b8e65c9944662d5ba0235ecccba1143f7c30dcb76fad847a4a2fa7a34055906a33d50ecf8fb463aac9f76581390035a88e48c9b9f5319 WHIRLPOOL 6f8c04f8d284d1fdcf69471a4590ad0381335ae64e6f0bc5b3ec4a13c8e7254d2363cbf23304f559997d7e5695832390bc187e18ee57b9c72c39c8ed5a98b7e0
 DIST ngx_http_naxsi-0.53-2.tar.gz 165690 SHA256 3eadff1d91995beae41b92733ade28091c2075a24ae37058f4d6aa90b0f4b660 SHA512 ada592f5e7f80a6d549cc435ee8720df01a788dc88cf27a7d55521bb7e4c66fa11b9ec28216aff7e13c70a5faf12cb745bd398b8a782ed4dea1eecd04b07e24c WHIRLPOOL c5b736dbe9bd66daf7e023f176a08f78225b61990781d7ad5a55d0f35391df7e05bf1b2623a6227e0355cf0204ef9eac1b9fa03aa62b3c0d6eac515f1213f270
+DIST ngx_http_naxsi-0.54.tar.gz 163809 SHA256 9cc2c09405bc71f78ef26a8b6d70afcea3fccbe8125df70cb0cfc480133daba5 SHA512 91934bfd41495715269cc6e549d17f6da66f2bdd0c9a6821fa9096b694dd3927109c4aad2f8b327620ae7c34f76a0839ac16669cd8c65081bc01fa7f829c1d43 WHIRLPOOL ef68cfecc9849086527c3590744d3c0d73cec830c6cf1ebca63566a7444438757a85d0c79fa552c4763e0416a615f4cf8d99622e2f36d3713b7072138a82f5a8
 DIST ngx_http_push_stream-0.4.1.tar.gz 166928 SHA256 553584f557a3faec73702550e7e1417cbc0021f4f98468cc83e61e9d94def5cc SHA512 3b2289cc3abe6df0ee39360816675a39de1669a284e23770aa04b29e1e5dc73f5d99f3db6c7e8e4895a4abad0602aa64024ec19a2e741e138a70191501f038be WHIRLPOOL 9d203d4a78a3bd189527ebeaf1ff98613ee6a3150ae433efa17ed45dd9f6cb263b2a4c329a6fc2d04c6583ac2beaf24e87e3263d71a910f720b80038c9bc09c2
 DIST ngx_http_push_stream-0.5.1.tar.gz 175263 SHA256 a95f31e80120fd7324795b92a0d94c0b43e1265df7fd0f1eba11a337c1e0a626 SHA512 b996c6fe48b97540d1ee9879f37aca1a4c8262ad7577d607d402a00d79f5d32676f010da303f89db18e6f90351b8bb5cf0265338cc5df8154e94d5f332a227c8 WHIRLPOOL aacf93841af0384b2be1d4075ceb23e67b89a4cac0a06fe40e2efd5f0334309ccc83e29014c9746dda9e6b59df0866f0a796c0a9dc9d14e2625a11c019c8e79d
 DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 SHA256 1e81453942e5b0877de1f1f06c56ae82918ea9818255cb935bcb673c95a758a1 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d WHIRLPOOL a02ed77422c47d9e476f8746186d19d632ddb953635d8d9dd51ff076225a78044286ee7e114478bc02e4b2a422e4fdc207154fc287629dd2cd7c3f9a634dad18

diff --git a/www-servers/nginx/metadata.xml b/www-servers/nginx/metadata.xml
index d391454..1ecde8f 100644
--- a/www-servers/nginx/metadata.xml
+++ b/www-servers/nginx/metadata.xml
@@ -14,6 +14,7 @@
   <use>
     <flag name="aio">Enables file AIO support</flag>
     <flag name="http">Enable HTTP core support</flag>
+    <flag name="http2">Enable HTTP2 module support</flag>
     <flag name="http-cache">Enable HTTP cache support</flag>
     <flag name="libatomic">Use libatomic instead of builtin atomic operations</flag>
     <flag name="luajit">Use <pkg>dev-lang/luajit</pkg> instead of <pkg>dev-lang/lua</pkg> for lua support when building the lua http module.</flag>

diff --git a/www-servers/nginx/nginx-1.9.5.ebuild b/www-servers/nginx/nginx-1.9.5.ebuild
new file mode 100644
index 0000000..a266b79
--- /dev/null
+++ b/www-servers/nginx/nginx-1.9.5.ebuild
@@ -0,0 +1,695 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.2.19"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.261"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.3.5"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.9.16"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.4"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.54"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.7"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.58"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.0"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
+
+# mogilefs-module (http://www.grid.net.ru/nginx/mogilefs.en.html, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="http://www.grid.net.ru/nginx/download/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.16"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
+geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi
+split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip gzip_static
+image_filter mp4 perl random_index realip secure_link stub_status sub xslt"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_ajp
+	http_mogilefs
+	http_memc"
+
+IUSE="aio debug +http http2 +http-cache ipv6 libatomic luajit +pcre pcre-jit rtmp
+selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( >=dev-libs/libpcre-4.2 )
+	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+	ssl? ( dev-libs/openssl:0= )
+	http2? ( >=dev-libs/openssl-1.0.1c:0= )
+	http-cache? ( userland_GNU? ( dev-libs/openssl:0= ) )
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+	nginx_modules_http_secure_link? ( userland_GNU? ( dev-libs/openssl:0= ) )
+	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_ajp; then
+		eerror "The AJP module currently doesn't build for nginx >1.8."
+		eerror "It will be reintroduced with the 1.9 series when proven stable."
+		eerror "Either disable it or stick with nginx 1.7.x."
+		die "AJP module not supported"
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	epatch_user
+
+	epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+
+	if use nginx_modules_http_upstream_check; then
+		epatch "${FILESDIR}/check-1.9.2".patch
+	fi
+
+	if use nginx_modules_http_lua; then
+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}"
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+		./configure \
+			--enable-standalone-module \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+	fi
+
+	cd "${S}"
+
+	local myconf=() http_enabled= mail_enabled=
+
+	use aio		  && myconf+=( --with-file-aio )
+	use debug	  && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use ipv6	  && myconf+=( --with-ipv6 )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre	  && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+		if use nginx_modules_http_memc ; then
+				http_enabled=1
+				myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+		fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN}" "--group=${PN} )
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r2 nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 /var/log/nginx ${keepdir_list}
+	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+	# existing installations
+	local fix_perms=0
+
+	for rv in ${REPLACING_VERSIONS} ; do
+		version_compare ${rv} 1.4.1-r2
+		[[ $? -eq 1 ]] && fix_perms=1
+	done
+
+	if [[ $fix_perms -eq 1 ]] ; then
+		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+		ewarn "directories the world-readable bit removed (if set):"
+		ewarn "  ${EPREFIX}/var/log/nginx"
+		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+		ewarn "Check if this is correct for your setup before restarting nginx!"
+		ewarn "This is a one-time change and will not happen on subsequent updates."
+		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+	fi
+
+	# If the nginx user can't change into or read the dir, display a warning.
+	# If su is not available we display the warning nevertheless since we can't check properly
+	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+	if [ $? -ne 0 ] ; then
+		ewarn "Please make sure that the nginx user or group has at least"
+		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+		ewarn "Otherwise you end up with empty log files after a logrotate."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Manuel Rüger]

commit:     f7fd9fcda53fcd9ecc1572dca3cdd39a970ae62c
Author:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Thu Oct 15 22:08:26 2015 +0000
Commit:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Thu Oct 15 22:08:26 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f7fd9fcd

www-servers/nginx: Remove old

Package-Manager: portage-2.2.23

 www-servers/nginx/Manifest           |   2 -
 www-servers/nginx/nginx-1.9.2.ebuild | 686 -----------------------------------
 www-servers/nginx/nginx-1.9.3.ebuild | 686 -----------------------------------
 3 files changed, 1374 deletions(-)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 5df8315..74b79b4 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,7 +1,5 @@
 DIST modsecurity-2.9.0.tar.gz 4246467 SHA256 e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434 SHA512 1af04f29bf23c51d03cdd3795c530f88b523a645aa02d776a6b23dcbc31decec7cd574919e5c7c7cf82684df2774062de5e465bddbbaf4c01a442c6d49401d3d WHIRLPOOL 1167ba6048a3ca05dcdabf03c67ae12720cca0cec74547fc223ee92ff76b6d5131785fa77b5f16da180e56590c851c192eaf02817b798e4d6f41fa6bfb2735a6
 DIST nginx-1.8.0.tar.gz 832104 SHA256 23cca1239990c818d8f6da118320c4979aadf5386deda691b1b7c2c96b9df3d5 SHA512 3e5d7e1b01839b2638251c47046149450b9b65985e611ef55e5953846e9eb0128c3708c695540ad4dfd0ce5e3060dfecb51213403048fab1a99dd5cea94f0038 WHIRLPOOL e4619e0e0454b86d725a21abe9300ad33ad700c4d577b33f1762b5af796093abd3c7b6afed38301dd0b2a235d6ff47db189b24fd19a5cbc777398bc237ae8534
-DIST nginx-1.9.2.tar.gz 860233 SHA256 80b6425be14a005c8cb15115f3c775f4bc06bf798aa1affaee84ed9cf641ed78 SHA512 dc433fd0531a310de25dbf5303dbd904dc1f1ecfcb774707bf65f6f5f5ad83b6febc9938cabb0c68fefa4ddd80e121ac954411ed42f87254c95b5ca4daa9d7de WHIRLPOOL c99b9bf75afda286c99f206fa75ab12d83534a80659a3ebd13e1c766763d2aa8a34acedff307f4096c6d7e31693ca124f699482a99e22c1e8b91b7e356806ac3
-DIST nginx-1.9.3.tar.gz 864430 SHA256 4298c5341b2a262fdb8dbc0a1389756181af8f098c7720abfb30bd3060f673eb SHA512 923309de03c86815023f190bda0c3138f3b9e6dba76939e721273bca3ddb6abd06506afe0621dff4e936358e4d4570a8b4dca095b9246a8e13a22c465f31855b WHIRLPOOL 980feb6111c424d4c11ba632c9f602be2242a5976060e3915135feb2af118d3280b18985dc199c4e729a402d029fe17d6e60e7e1db45e0b83514cf211c8a4017
 DIST nginx-1.9.4.tar.gz 866423 SHA256 479b0c03747ee6b2d4a21046f89b06d178a2881ea80cfef160451325788f2ba8 SHA512 6616b971361ded7a316a5718dffb2476dac0c625afb047595fbca0e24ea84391d3e0df88bc8d6a40747411094f8453a85c331d8089e51eecd1ac152898bb350a WHIRLPOOL a3e6699b81fbf33b24ae605a0cd113a76eac9f572a05e7b982f4dca3ede573fe425cddd21b136255ca7d0db8201babb2780fe7ba971dc4d62a4bc8545ddc8c67
 DIST nginx-1.9.5.tar.gz 884023 SHA256 48e2787a6b245277e37cb7c5a31b1549a0bbacf288aa4731baacf9eaacdb481b SHA512 a3f12ca919b9750141c323d58e5be32d1f6ed086c6ecf45c559baa911606cbae1bb3b2eafd84f67294b6b23366ef5be7d24edc1dae7b3fa5b3aff5ecbaefb31d WHIRLPOOL b1c6bb6062423f70904483041855caaf42e79edc1ba14e32d240bc541236afd4a8c287e23147ffa04136171c2bd37b5b77ee7ec872ee35fb8bce1ac6f4d0b866
 DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6

diff --git a/www-servers/nginx/nginx-1.9.2.ebuild b/www-servers/nginx/nginx-1.9.2.ebuild
deleted file mode 100644
index b3fb3e6..0000000
--- a/www-servers/nginx/nginx-1.9.2.ebuild
+++ /dev/null
@@ -1,686 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.26"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.5"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.9.16"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.4"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.53-2"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.58"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.0"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.5"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-bd312d586752"
-
-# mogilefs-module (http://www.grid.net.ru/nginx/mogilefs.en.html, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="http://www.grid.net.ru/nginx/download/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.16"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
-geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi
-split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip gzip_static
-image_filter mp4 perl random_index realip secure_link spdy stub_status sub xslt"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_ajp
-	http_mogilefs
-	http_memc"
-
-IUSE="aio debug +http +http-cache ipv6 libatomic luajit +pcre pcre-jit rtmp
-selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-CDEPEND="
-	pcre? ( >=dev-libs/libpcre-4.2 )
-	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
-	ssl? ( dev-libs/openssl:0= )
-	http-cache? ( userland_GNU? ( dev-libs/openssl:0= ) )
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
-	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
-	nginx_modules_http_secure_link? ( userland_GNU? ( dev-libs/openssl:0= ) )
-	nginx_modules_http_spdy? ( >=dev-libs/openssl-1.0.1c:0= )
-	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_ajp; then
-		eerror "The AJP module currently doesn't build for nginx >1.8."
-		eerror "It will be reintroduced with the 1.9 series when proven stable."
-		eerror "Either disable it or stick with nginx 1.7.x."
-		die "AJP module not supported"
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	epatch_user
-
-	epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
-	if use nginx_modules_http_upstream_check; then
-		epatch "${FILESDIR}/check-${PV}".patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}"
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-		./configure \
-			--enable-standalone-module \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-	fi
-
-	cd "${S}"
-
-	local myconf=() http_enabled= mail_enabled=
-
-	use aio		  && myconf+=( --with-file-aio )
-	use debug	  && myconf+=( --with-debug )
-	use ipv6	  && myconf+=( --with-ipv6 )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre	  && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-		if use nginx_modules_http_memc ; then
-				http_enabled=1
-				myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-		fi
-
-	if use http || use http-cache; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN}" "--group=${PN} )
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r2 nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 /var/log/nginx ${keepdir_list}
-	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_lua && use nginx_modules_http_spdy; then
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua spdy\". For more info, see http://git.io/OldLsg"
-	fi
-
-	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
-	# existing installations
-	local fix_perms=0
-
-	for rv in ${REPLACING_VERSIONS} ; do
-		version_compare ${rv} 1.4.1-r2
-		[[ $? -eq 1 ]] && fix_perms=1
-	done
-
-	if [[ $fix_perms -eq 1 ]] ; then
-		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
-		ewarn "directories the world-readable bit removed (if set):"
-		ewarn "  ${EPREFIX}/var/log/nginx"
-		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-		ewarn "Check if this is correct for your setup before restarting nginx!"
-		ewarn "This is a one-time change and will not happen on subsequent updates."
-		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
-		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
-	fi
-
-	# If the nginx user can't change into or read the dir, display a warning.
-	# If su is not available we display the warning nevertheless since we can't check properly
-	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
-	if [ $? -ne 0 ] ; then
-		ewarn "Please make sure that the nginx user or group has at least"
-		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
-		ewarn "Otherwise you end up with empty log files after a logrotate."
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.9.3.ebuild b/www-servers/nginx/nginx-1.9.3.ebuild
deleted file mode 100644
index c394e30..0000000
--- a/www-servers/nginx/nginx-1.9.3.ebuild
+++ /dev/null
@@ -1,686 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.26"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.5"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.9.16"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.4"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.53-2"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.58"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.0"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.5"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-bd312d586752"
-
-# mogilefs-module (http://www.grid.net.ru/nginx/mogilefs.en.html, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="http://www.grid.net.ru/nginx/download/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.16"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
-geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi
-split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip gzip_static
-image_filter mp4 perl random_index realip secure_link spdy stub_status sub xslt"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_ajp
-	http_mogilefs
-	http_memc"
-
-IUSE="aio debug +http +http-cache ipv6 libatomic luajit +pcre pcre-jit rtmp
-selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-CDEPEND="
-	pcre? ( >=dev-libs/libpcre-4.2 )
-	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
-	ssl? ( dev-libs/openssl:0= )
-	http-cache? ( userland_GNU? ( dev-libs/openssl:0= ) )
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
-	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
-	nginx_modules_http_secure_link? ( userland_GNU? ( dev-libs/openssl:0= ) )
-	nginx_modules_http_spdy? ( >=dev-libs/openssl-1.0.1c:0= )
-	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_ajp; then
-		eerror "The AJP module currently doesn't build for nginx >1.8."
-		eerror "It will be reintroduced with the 1.9 series when proven stable."
-		eerror "Either disable it or stick with nginx 1.7.x."
-		die "AJP module not supported"
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	epatch_user
-
-	epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
-	if use nginx_modules_http_upstream_check; then
-		epatch "${FILESDIR}/check-1.9.2".patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}"
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-		./configure \
-			--enable-standalone-module \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-	fi
-
-	cd "${S}"
-
-	local myconf=() http_enabled= mail_enabled=
-
-	use aio		  && myconf+=( --with-file-aio )
-	use debug	  && myconf+=( --with-debug )
-	use ipv6	  && myconf+=( --with-ipv6 )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre	  && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-		if use nginx_modules_http_memc ; then
-				http_enabled=1
-				myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-		fi
-
-	if use http || use http-cache; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN}" "--group=${PN} )
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r2 nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 /var/log/nginx ${keepdir_list}
-	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_lua && use nginx_modules_http_spdy; then
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua spdy\". For more info, see http://git.io/OldLsg"
-	fi
-
-	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
-	# existing installations
-	local fix_perms=0
-
-	for rv in ${REPLACING_VERSIONS} ; do
-		version_compare ${rv} 1.4.1-r2
-		[[ $? -eq 1 ]] && fix_perms=1
-	done
-
-	if [[ $fix_perms -eq 1 ]] ; then
-		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
-		ewarn "directories the world-readable bit removed (if set):"
-		ewarn "  ${EPREFIX}/var/log/nginx"
-		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-		ewarn "Check if this is correct for your setup before restarting nginx!"
-		ewarn "This is a one-time change and will not happen on subsequent updates."
-		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
-		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
-	fi
-
-	# If the nginx user can't change into or read the dir, display a warning.
-	# If su is not available we display the warning nevertheless since we can't check properly
-	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
-	if [ $? -ne 0 ] ; then
-		ewarn "Please make sure that the nginx user or group has at least"
-		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
-		ewarn "Otherwise you end up with empty log files after a logrotate."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Manuel Rüger]

commit:     f6c4f4374008762f9c1dc4ba3d7218ae7d7e23fa
Author:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 27 20:12:40 2015 +0000
Commit:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Tue Oct 27 20:12:40 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f6c4f437

www-servers/nginx: Version bump

Package-Manager: portage-2.2.23

 www-servers/nginx/Manifest           |   2 +
 www-servers/nginx/nginx-1.9.6.ebuild | 695 +++++++++++++++++++++++++++++++++++
 2 files changed, 697 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 74b79b4..5691b2b 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,6 +2,7 @@ DIST modsecurity-2.9.0.tar.gz 4246467 SHA256 e2bbf789966c1f80094d88d9085a81bde08
 DIST nginx-1.8.0.tar.gz 832104 SHA256 23cca1239990c818d8f6da118320c4979aadf5386deda691b1b7c2c96b9df3d5 SHA512 3e5d7e1b01839b2638251c47046149450b9b65985e611ef55e5953846e9eb0128c3708c695540ad4dfd0ce5e3060dfecb51213403048fab1a99dd5cea94f0038 WHIRLPOOL e4619e0e0454b86d725a21abe9300ad33ad700c4d577b33f1762b5af796093abd3c7b6afed38301dd0b2a235d6ff47db189b24fd19a5cbc777398bc237ae8534
 DIST nginx-1.9.4.tar.gz 866423 SHA256 479b0c03747ee6b2d4a21046f89b06d178a2881ea80cfef160451325788f2ba8 SHA512 6616b971361ded7a316a5718dffb2476dac0c625afb047595fbca0e24ea84391d3e0df88bc8d6a40747411094f8453a85c331d8089e51eecd1ac152898bb350a WHIRLPOOL a3e6699b81fbf33b24ae605a0cd113a76eac9f572a05e7b982f4dca3ede573fe425cddd21b136255ca7d0db8201babb2780fe7ba971dc4d62a4bc8545ddc8c67
 DIST nginx-1.9.5.tar.gz 884023 SHA256 48e2787a6b245277e37cb7c5a31b1549a0bbacf288aa4731baacf9eaacdb481b SHA512 a3f12ca919b9750141c323d58e5be32d1f6ed086c6ecf45c559baa911606cbae1bb3b2eafd84f67294b6b23366ef5be7d24edc1dae7b3fa5b3aff5ecbaefb31d WHIRLPOOL b1c6bb6062423f70904483041855caaf42e79edc1ba14e32d240bc541236afd4a8c287e23147ffa04136171c2bd37b5b77ee7ec872ee35fb8bce1ac6f4d0b866
+DIST nginx-1.9.6.tar.gz 884733 SHA256 ed501fc6d0eff9d3bc1049cc1ba3a3ac8c602de046acb2a4c108392bbfa865ea SHA512 d42199542585dc2c4feeeb5a86462b96ccd008a72a067d9fa83ed6171f098f4f515a62df2b4bf4b169b1aa78eccb6099701caea6a805de784a0f4bfe2ce92716 WHIRLPOOL 137643033860520610d707cb04f262e78e349e27ba6ed3fd5b91c95d4f8aeca49fa96721f58f809f81ed457040aa1c05d7f37400912376bc454829b491dd4983
 DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
 DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb
 DIST ngx_devel_kit-0.2.19-r1.tar.gz 65029 SHA256 501f299abdb81b992a980bda182e5de5a4b2b3e275fbf72ee34dd7ae84c4b679 SHA512 915954acf16a27fbd3c93c154012d38e864f1d8dfd51cde401bba26e46eb3e3c778ec4c92f4f8ed83ac001e96cee72765554d0e4da06acf6a4be5184b23b3657 WHIRLPOOL 0ce6bffc0fe2cef28ee74f5862ca6d914ed18fdee18d900608ff2a9983594c707aab3e335957b79dd7e77ae1beed054d8f71965ca0f57fc5f1d41ac06106c5a4
@@ -15,6 +16,7 @@ DIST ngx_http_headers_more-0.26.tar.gz 28028 SHA256 d6bdc51f9e778a3b23e41a51cae5
 DIST ngx_http_headers_more-0.261.tar.gz 28022 SHA256 03d1f5fbecba8565f247d87a38f5e4b6440b0a56d752bdd2b29af2f1c4aea480 SHA512 252b5adc86f114460a956b38cca448917124523730e95ffc822a953232da9835e5ee663c65077413d655a8887ac692872b5de115e3cf4123463df7a84f759c3f WHIRLPOOL d97828ac45a1641210544a8b3ee21d86a8c2160fa665352992822b9a4cd7b8b48f9816afc124007e73467237a53615bff23a5cfbfad48bd04fefb9843335f1ee
 DIST ngx_http_lua-0.9.15.tar.gz 520190 SHA256 659fe4c201f4a4ae1007fa029cef472aaa837bf0904babb6158f83b86536c5b7 SHA512 1d809f873ced8e50422298bb4b730b8e7aaf442c11570cbe892fd73a414ff4f6d6eca7be8b2d2dbf57a136136b17d80596ee2f2f195dcb59776e78df5a94ae92 WHIRLPOOL caf128254f99d674eb370779c6e41c0b459be1c5a2baac7df1ff3498a38349bd2c140594eea3eb29c468a366e265421f90363886be73db0b3484cc6f386cb563
 DIST ngx_http_lua-0.9.16.tar.gz 523900 SHA256 a3cda55b8cba5bc6632aa270b8a02d543fdb43f4d60a3bd2cb411c2a3b467656 SHA512 01be7dca10c1c1f25d2b8e65c9944662d5ba0235ecccba1143f7c30dcb76fad847a4a2fa7a34055906a33d50ecf8fb463aac9f76581390035a88e48c9b9f5319 WHIRLPOOL 6f8c04f8d284d1fdcf69471a4590ad0381335ae64e6f0bc5b3ec4a13c8e7254d2363cbf23304f559997d7e5695832390bc187e18ee57b9c72c39c8ed5a98b7e0
+DIST ngx_http_lua-0.9.17.tar.gz 540687 SHA256 68fba0cae22b11314968ba18d811991a95cade992aa76da3768af93d4b83b70f SHA512 3e140dff37443f2b2d9da28c4318741c7e8fb7e5d5f29b51745ed62517d3f5e873e1f86c0ade7e0d637aef0227c8a533699e8525292d8210f2b9eb41b3d7852a WHIRLPOOL a9e1e8a88b7339cb16f2e2f261afb81d175e14edd1b4987e300c7e0541a871a660128996f9b7de746f5846df4ff34d583379e8b9dae0658eca5438b0c146b96a
 DIST ngx_http_naxsi-0.53-2.tar.gz 165690 SHA256 3eadff1d91995beae41b92733ade28091c2075a24ae37058f4d6aa90b0f4b660 SHA512 ada592f5e7f80a6d549cc435ee8720df01a788dc88cf27a7d55521bb7e4c66fa11b9ec28216aff7e13c70a5faf12cb745bd398b8a782ed4dea1eecd04b07e24c WHIRLPOOL c5b736dbe9bd66daf7e023f176a08f78225b61990781d7ad5a55d0f35391df7e05bf1b2623a6227e0355cf0204ef9eac1b9fa03aa62b3c0d6eac515f1213f270
 DIST ngx_http_naxsi-0.54.tar.gz 163809 SHA256 9cc2c09405bc71f78ef26a8b6d70afcea3fccbe8125df70cb0cfc480133daba5 SHA512 91934bfd41495715269cc6e549d17f6da66f2bdd0c9a6821fa9096b694dd3927109c4aad2f8b327620ae7c34f76a0839ac16669cd8c65081bc01fa7f829c1d43 WHIRLPOOL ef68cfecc9849086527c3590744d3c0d73cec830c6cf1ebca63566a7444438757a85d0c79fa552c4763e0416a615f4cf8d99622e2f36d3713b7072138a82f5a8
 DIST ngx_http_push_stream-0.4.1.tar.gz 166928 SHA256 553584f557a3faec73702550e7e1417cbc0021f4f98468cc83e61e9d94def5cc SHA512 3b2289cc3abe6df0ee39360816675a39de1669a284e23770aa04b29e1e5dc73f5d99f3db6c7e8e4895a4abad0602aa64024ec19a2e741e138a70191501f038be WHIRLPOOL 9d203d4a78a3bd189527ebeaf1ff98613ee6a3150ae433efa17ed45dd9f6cb263b2a4c329a6fc2d04c6583ac2beaf24e87e3263d71a910f720b80038c9bc09c2

diff --git a/www-servers/nginx/nginx-1.9.6.ebuild b/www-servers/nginx/nginx-1.9.6.ebuild
new file mode 100644
index 0000000..e82d214
--- /dev/null
+++ b/www-servers/nginx/nginx-1.9.6.ebuild
@@ -0,0 +1,695 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.2.19"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.261"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.3.5"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.9.17"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.4"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.54"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.7"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.58"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.0"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
+
+# mogilefs-module (http://www.grid.net.ru/nginx/mogilefs.en.html, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="http://www.grid.net.ru/nginx/download/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.16"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
+geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi
+split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip gzip_static
+image_filter mp4 perl random_index realip secure_link stub_status sub xslt"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_ajp
+	http_mogilefs
+	http_memc"
+
+IUSE="aio debug +http http2 +http-cache ipv6 libatomic luajit +pcre pcre-jit rtmp
+selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( >=dev-libs/libpcre-4.2 )
+	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+	ssl? ( dev-libs/openssl:0= )
+	http2? ( >=dev-libs/openssl-1.0.1c:0= )
+	http-cache? ( userland_GNU? ( dev-libs/openssl:0= ) )
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+	nginx_modules_http_secure_link? ( userland_GNU? ( dev-libs/openssl:0= ) )
+	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_ajp; then
+		eerror "The AJP module currently doesn't build for nginx >1.8."
+		eerror "It will be reintroduced with the 1.9 series when proven stable."
+		eerror "Either disable it or stick with nginx 1.7.x."
+		die "AJP module not supported"
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	epatch_user
+
+	epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+
+	if use nginx_modules_http_upstream_check; then
+		epatch "${FILESDIR}/check-1.9.2".patch
+	fi
+
+	if use nginx_modules_http_lua; then
+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}"
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+		./configure \
+			--enable-standalone-module \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+	fi
+
+	cd "${S}"
+
+	local myconf=() http_enabled= mail_enabled=
+
+	use aio		  && myconf+=( --with-file-aio )
+	use debug	  && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use ipv6	  && myconf+=( --with-ipv6 )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre	  && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+		if use nginx_modules_http_memc ; then
+				http_enabled=1
+				myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+		fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN}" "--group=${PN} )
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r2 nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 /var/log/nginx ${keepdir_list}
+	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+	# existing installations
+	local fix_perms=0
+
+	for rv in ${REPLACING_VERSIONS} ; do
+		version_compare ${rv} 1.4.1-r2
+		[[ $? -eq 1 ]] && fix_perms=1
+	done
+
+	if [[ $fix_perms -eq 1 ]] ; then
+		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+		ewarn "directories the world-readable bit removed (if set):"
+		ewarn "  ${EPREFIX}/var/log/nginx"
+		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+		ewarn "Check if this is correct for your setup before restarting nginx!"
+		ewarn "This is a one-time change and will not happen on subsequent updates."
+		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+	fi
+
+	# If the nginx user can't change into or read the dir, display a warning.
+	# If su is not available we display the warning nevertheless since we can't check properly
+	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+	if [ $? -ne 0 ] ; then
+		ewarn "Please make sure that the nginx user or group has at least"
+		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+		ewarn "Otherwise you end up with empty log files after a logrotate."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Manuel Rüger]

commit:     4ec7c0997485fe9b4daa33220d8305b16a6ba6bc
Author:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Sat Nov  7 12:45:16 2015 +0000
Commit:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Sat Nov  7 12:45:29 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4ec7c099

www-servers/nginx: Remove old

Package-Manager: portage-2.2.24

 www-servers/nginx/Manifest           |   3 -
 www-servers/nginx/nginx-1.9.4.ebuild | 686 ----------------------------------
 www-servers/nginx/nginx-1.9.5.ebuild | 695 -----------------------------------
 3 files changed, 1384 deletions(-)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 5691b2b..de0ed3f 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,7 +1,5 @@
 DIST modsecurity-2.9.0.tar.gz 4246467 SHA256 e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434 SHA512 1af04f29bf23c51d03cdd3795c530f88b523a645aa02d776a6b23dcbc31decec7cd574919e5c7c7cf82684df2774062de5e465bddbbaf4c01a442c6d49401d3d WHIRLPOOL 1167ba6048a3ca05dcdabf03c67ae12720cca0cec74547fc223ee92ff76b6d5131785fa77b5f16da180e56590c851c192eaf02817b798e4d6f41fa6bfb2735a6
 DIST nginx-1.8.0.tar.gz 832104 SHA256 23cca1239990c818d8f6da118320c4979aadf5386deda691b1b7c2c96b9df3d5 SHA512 3e5d7e1b01839b2638251c47046149450b9b65985e611ef55e5953846e9eb0128c3708c695540ad4dfd0ce5e3060dfecb51213403048fab1a99dd5cea94f0038 WHIRLPOOL e4619e0e0454b86d725a21abe9300ad33ad700c4d577b33f1762b5af796093abd3c7b6afed38301dd0b2a235d6ff47db189b24fd19a5cbc777398bc237ae8534
-DIST nginx-1.9.4.tar.gz 866423 SHA256 479b0c03747ee6b2d4a21046f89b06d178a2881ea80cfef160451325788f2ba8 SHA512 6616b971361ded7a316a5718dffb2476dac0c625afb047595fbca0e24ea84391d3e0df88bc8d6a40747411094f8453a85c331d8089e51eecd1ac152898bb350a WHIRLPOOL a3e6699b81fbf33b24ae605a0cd113a76eac9f572a05e7b982f4dca3ede573fe425cddd21b136255ca7d0db8201babb2780fe7ba971dc4d62a4bc8545ddc8c67
-DIST nginx-1.9.5.tar.gz 884023 SHA256 48e2787a6b245277e37cb7c5a31b1549a0bbacf288aa4731baacf9eaacdb481b SHA512 a3f12ca919b9750141c323d58e5be32d1f6ed086c6ecf45c559baa911606cbae1bb3b2eafd84f67294b6b23366ef5be7d24edc1dae7b3fa5b3aff5ecbaefb31d WHIRLPOOL b1c6bb6062423f70904483041855caaf42e79edc1ba14e32d240bc541236afd4a8c287e23147ffa04136171c2bd37b5b77ee7ec872ee35fb8bce1ac6f4d0b866
 DIST nginx-1.9.6.tar.gz 884733 SHA256 ed501fc6d0eff9d3bc1049cc1ba3a3ac8c602de046acb2a4c108392bbfa865ea SHA512 d42199542585dc2c4feeeb5a86462b96ccd008a72a067d9fa83ed6171f098f4f515a62df2b4bf4b169b1aa78eccb6099701caea6a805de784a0f4bfe2ce92716 WHIRLPOOL 137643033860520610d707cb04f262e78e349e27ba6ed3fd5b91c95d4f8aeca49fa96721f58f809f81ed457040aa1c05d7f37400912376bc454829b491dd4983
 DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
 DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb
@@ -15,7 +13,6 @@ DIST ngx_http_fancyindex-0.3.5.tar.gz 14837 SHA256 e0998e83be58bc5787fa9243a76a9
 DIST ngx_http_headers_more-0.26.tar.gz 28028 SHA256 d6bdc51f9e778a3b23e41a51cae542c1467a1e5e55c1329a7ffc454be084fb6f SHA512 842927de67d28f3cff596607f209d1004b6d49f1d45b861758405ed6fe6f7aab76ad63530ccdfff1c1947db1190dd65dee0a29f50026bfa7a39a9a051561cf88 WHIRLPOOL 0dc37c36717be40a07112388d913d20bc99d76f90604da618d5547f24d93c636c14c2cca18191ff5916b40ec0113da648cfc07e1c00b1853f2b15ce056d5f3d7
 DIST ngx_http_headers_more-0.261.tar.gz 28022 SHA256 03d1f5fbecba8565f247d87a38f5e4b6440b0a56d752bdd2b29af2f1c4aea480 SHA512 252b5adc86f114460a956b38cca448917124523730e95ffc822a953232da9835e5ee663c65077413d655a8887ac692872b5de115e3cf4123463df7a84f759c3f WHIRLPOOL d97828ac45a1641210544a8b3ee21d86a8c2160fa665352992822b9a4cd7b8b48f9816afc124007e73467237a53615bff23a5cfbfad48bd04fefb9843335f1ee
 DIST ngx_http_lua-0.9.15.tar.gz 520190 SHA256 659fe4c201f4a4ae1007fa029cef472aaa837bf0904babb6158f83b86536c5b7 SHA512 1d809f873ced8e50422298bb4b730b8e7aaf442c11570cbe892fd73a414ff4f6d6eca7be8b2d2dbf57a136136b17d80596ee2f2f195dcb59776e78df5a94ae92 WHIRLPOOL caf128254f99d674eb370779c6e41c0b459be1c5a2baac7df1ff3498a38349bd2c140594eea3eb29c468a366e265421f90363886be73db0b3484cc6f386cb563
-DIST ngx_http_lua-0.9.16.tar.gz 523900 SHA256 a3cda55b8cba5bc6632aa270b8a02d543fdb43f4d60a3bd2cb411c2a3b467656 SHA512 01be7dca10c1c1f25d2b8e65c9944662d5ba0235ecccba1143f7c30dcb76fad847a4a2fa7a34055906a33d50ecf8fb463aac9f76581390035a88e48c9b9f5319 WHIRLPOOL 6f8c04f8d284d1fdcf69471a4590ad0381335ae64e6f0bc5b3ec4a13c8e7254d2363cbf23304f559997d7e5695832390bc187e18ee57b9c72c39c8ed5a98b7e0
 DIST ngx_http_lua-0.9.17.tar.gz 540687 SHA256 68fba0cae22b11314968ba18d811991a95cade992aa76da3768af93d4b83b70f SHA512 3e140dff37443f2b2d9da28c4318741c7e8fb7e5d5f29b51745ed62517d3f5e873e1f86c0ade7e0d637aef0227c8a533699e8525292d8210f2b9eb41b3d7852a WHIRLPOOL a9e1e8a88b7339cb16f2e2f261afb81d175e14edd1b4987e300c7e0541a871a660128996f9b7de746f5846df4ff34d583379e8b9dae0658eca5438b0c146b96a
 DIST ngx_http_naxsi-0.53-2.tar.gz 165690 SHA256 3eadff1d91995beae41b92733ade28091c2075a24ae37058f4d6aa90b0f4b660 SHA512 ada592f5e7f80a6d549cc435ee8720df01a788dc88cf27a7d55521bb7e4c66fa11b9ec28216aff7e13c70a5faf12cb745bd398b8a782ed4dea1eecd04b07e24c WHIRLPOOL c5b736dbe9bd66daf7e023f176a08f78225b61990781d7ad5a55d0f35391df7e05bf1b2623a6227e0355cf0204ef9eac1b9fa03aa62b3c0d6eac515f1213f270
 DIST ngx_http_naxsi-0.54.tar.gz 163809 SHA256 9cc2c09405bc71f78ef26a8b6d70afcea3fccbe8125df70cb0cfc480133daba5 SHA512 91934bfd41495715269cc6e549d17f6da66f2bdd0c9a6821fa9096b694dd3927109c4aad2f8b327620ae7c34f76a0839ac16669cd8c65081bc01fa7f829c1d43 WHIRLPOOL ef68cfecc9849086527c3590744d3c0d73cec830c6cf1ebca63566a7444438757a85d0c79fa552c4763e0416a615f4cf8d99622e2f36d3713b7072138a82f5a8

diff --git a/www-servers/nginx/nginx-1.9.4.ebuild b/www-servers/nginx/nginx-1.9.4.ebuild
deleted file mode 100644
index 73c2e3b..0000000
--- a/www-servers/nginx/nginx-1.9.4.ebuild
+++ /dev/null
@@ -1,686 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.26"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.5"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.9.16"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.4"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.53-2"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.58"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.0"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
-
-# mogilefs-module (http://www.grid.net.ru/nginx/mogilefs.en.html, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="http://www.grid.net.ru/nginx/download/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.16"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
-geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi
-split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip gzip_static
-image_filter mp4 perl random_index realip secure_link spdy stub_status sub xslt"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_ajp
-	http_mogilefs
-	http_memc"
-
-IUSE="aio debug +http +http-cache ipv6 libatomic luajit +pcre pcre-jit rtmp
-selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-CDEPEND="
-	pcre? ( >=dev-libs/libpcre-4.2 )
-	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
-	ssl? ( dev-libs/openssl:0= )
-	http-cache? ( userland_GNU? ( dev-libs/openssl:0= ) )
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
-	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
-	nginx_modules_http_secure_link? ( userland_GNU? ( dev-libs/openssl:0= ) )
-	nginx_modules_http_spdy? ( >=dev-libs/openssl-1.0.1c:0= )
-	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_ajp; then
-		eerror "The AJP module currently doesn't build for nginx >1.8."
-		eerror "It will be reintroduced with the 1.9 series when proven stable."
-		eerror "Either disable it or stick with nginx 1.7.x."
-		die "AJP module not supported"
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	epatch_user
-
-	epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
-	if use nginx_modules_http_upstream_check; then
-		epatch "${FILESDIR}/check-1.9.2".patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}"
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-		./configure \
-			--enable-standalone-module \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-	fi
-
-	cd "${S}"
-
-	local myconf=() http_enabled= mail_enabled=
-
-	use aio		  && myconf+=( --with-file-aio )
-	use debug	  && myconf+=( --with-debug )
-	use ipv6	  && myconf+=( --with-ipv6 )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre	  && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-		if use nginx_modules_http_memc ; then
-				http_enabled=1
-				myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-		fi
-
-	if use http || use http-cache; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN}" "--group=${PN} )
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r2 nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 /var/log/nginx ${keepdir_list}
-	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_lua && use nginx_modules_http_spdy; then
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua spdy\". For more info, see http://git.io/OldLsg"
-	fi
-
-	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
-	# existing installations
-	local fix_perms=0
-
-	for rv in ${REPLACING_VERSIONS} ; do
-		version_compare ${rv} 1.4.1-r2
-		[[ $? -eq 1 ]] && fix_perms=1
-	done
-
-	if [[ $fix_perms -eq 1 ]] ; then
-		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
-		ewarn "directories the world-readable bit removed (if set):"
-		ewarn "  ${EPREFIX}/var/log/nginx"
-		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-		ewarn "Check if this is correct for your setup before restarting nginx!"
-		ewarn "This is a one-time change and will not happen on subsequent updates."
-		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
-		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
-	fi
-
-	# If the nginx user can't change into or read the dir, display a warning.
-	# If su is not available we display the warning nevertheless since we can't check properly
-	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
-	if [ $? -ne 0 ] ; then
-		ewarn "Please make sure that the nginx user or group has at least"
-		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
-		ewarn "Otherwise you end up with empty log files after a logrotate."
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.9.5.ebuild b/www-servers/nginx/nginx-1.9.5.ebuild
deleted file mode 100644
index a266b79..0000000
--- a/www-servers/nginx/nginx-1.9.5.ebuild
+++ /dev/null
@@ -1,695 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.261"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.5"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.9.16"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.4"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.54"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.58"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.0"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
-
-# mogilefs-module (http://www.grid.net.ru/nginx/mogilefs.en.html, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="http://www.grid.net.ru/nginx/download/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.16"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
-geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi
-split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip gzip_static
-image_filter mp4 perl random_index realip secure_link stub_status sub xslt"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_ajp
-	http_mogilefs
-	http_memc"
-
-IUSE="aio debug +http http2 +http-cache ipv6 libatomic luajit +pcre pcre-jit rtmp
-selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( >=dev-libs/libpcre-4.2 )
-	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
-	ssl? ( dev-libs/openssl:0= )
-	http2? ( >=dev-libs/openssl-1.0.1c:0= )
-	http-cache? ( userland_GNU? ( dev-libs/openssl:0= ) )
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
-	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
-	nginx_modules_http_secure_link? ( userland_GNU? ( dev-libs/openssl:0= ) )
-	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_ajp; then
-		eerror "The AJP module currently doesn't build for nginx >1.8."
-		eerror "It will be reintroduced with the 1.9 series when proven stable."
-		eerror "Either disable it or stick with nginx 1.7.x."
-		die "AJP module not supported"
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	epatch_user
-
-	epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
-	if use nginx_modules_http_upstream_check; then
-		epatch "${FILESDIR}/check-1.9.2".patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}"
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-		./configure \
-			--enable-standalone-module \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-	fi
-
-	cd "${S}"
-
-	local myconf=() http_enabled= mail_enabled=
-
-	use aio		  && myconf+=( --with-file-aio )
-	use debug	  && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use ipv6	  && myconf+=( --with-ipv6 )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre	  && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-		if use nginx_modules_http_memc ; then
-				http_enabled=1
-				myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-		fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN}" "--group=${PN} )
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r2 nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 /var/log/nginx ${keepdir_list}
-	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
-	# existing installations
-	local fix_perms=0
-
-	for rv in ${REPLACING_VERSIONS} ; do
-		version_compare ${rv} 1.4.1-r2
-		[[ $? -eq 1 ]] && fix_perms=1
-	done
-
-	if [[ $fix_perms -eq 1 ]] ; then
-		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
-		ewarn "directories the world-readable bit removed (if set):"
-		ewarn "  ${EPREFIX}/var/log/nginx"
-		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-		ewarn "Check if this is correct for your setup before restarting nginx!"
-		ewarn "This is a one-time change and will not happen on subsequent updates."
-		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
-		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
-	fi
-
-	# If the nginx user can't change into or read the dir, display a warning.
-	# If su is not available we display the warning nevertheless since we can't check properly
-	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
-	if [ $? -ne 0 ] ; then
-		ewarn "Please make sure that the nginx user or group has at least"
-		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
-		ewarn "Otherwise you end up with empty log files after a logrotate."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Manuel Rüger]

commit:     0a9cef65478876b38d509c3a9288358fad72b5cc
Author:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Thu Nov 19 21:31:46 2015 +0000
Commit:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Thu Nov 19 21:31:46 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0a9cef65

www-servers/nginx: Version bump

Package-Manager: portage-2.2.25

 www-servers/nginx/Manifest           |   3 +
 www-servers/nginx/nginx-1.9.7.ebuild | 695 +++++++++++++++++++++++++++++++++++
 2 files changed, 698 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index de0ed3f..563f535 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,7 @@
 DIST modsecurity-2.9.0.tar.gz 4246467 SHA256 e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434 SHA512 1af04f29bf23c51d03cdd3795c530f88b523a645aa02d776a6b23dcbc31decec7cd574919e5c7c7cf82684df2774062de5e465bddbbaf4c01a442c6d49401d3d WHIRLPOOL 1167ba6048a3ca05dcdabf03c67ae12720cca0cec74547fc223ee92ff76b6d5131785fa77b5f16da180e56590c851c192eaf02817b798e4d6f41fa6bfb2735a6
 DIST nginx-1.8.0.tar.gz 832104 SHA256 23cca1239990c818d8f6da118320c4979aadf5386deda691b1b7c2c96b9df3d5 SHA512 3e5d7e1b01839b2638251c47046149450b9b65985e611ef55e5953846e9eb0128c3708c695540ad4dfd0ce5e3060dfecb51213403048fab1a99dd5cea94f0038 WHIRLPOOL e4619e0e0454b86d725a21abe9300ad33ad700c4d577b33f1762b5af796093abd3c7b6afed38301dd0b2a235d6ff47db189b24fd19a5cbc777398bc237ae8534
 DIST nginx-1.9.6.tar.gz 884733 SHA256 ed501fc6d0eff9d3bc1049cc1ba3a3ac8c602de046acb2a4c108392bbfa865ea SHA512 d42199542585dc2c4feeeb5a86462b96ccd008a72a067d9fa83ed6171f098f4f515a62df2b4bf4b169b1aa78eccb6099701caea6a805de784a0f4bfe2ce92716 WHIRLPOOL 137643033860520610d707cb04f262e78e349e27ba6ed3fd5b91c95d4f8aeca49fa96721f58f809f81ed457040aa1c05d7f37400912376bc454829b491dd4983
+DIST nginx-1.9.7.tar.gz 885562 SHA256 794bd217affdfce1c6263d9199c3961f387a2df9d57dcb42876faaf41c1748d5 SHA512 a3fa097164954b10120a0e7dca4b877da17c237f1e3ca47365aedf55ade2fe55b0f072404dcb909636b3afaa2b51f5c45b002b54424bd6b80ab76b835bbcc7de WHIRLPOOL 09a0b002d3cfc4650461c187d9192305208e38d738b2499109c3969c05aa8fb56d60730ab0a207bb64ffad5c450fb994b91a9a3ca1178633901ed236a4f3a245
 DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
 DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb
 DIST ngx_devel_kit-0.2.19-r1.tar.gz 65029 SHA256 501f299abdb81b992a980bda182e5de5a4b2b3e275fbf72ee34dd7ae84c4b679 SHA512 915954acf16a27fbd3c93c154012d38e864f1d8dfd51cde401bba26e46eb3e3c778ec4c92f4f8ed83ac001e96cee72765554d0e4da06acf6a4be5184b23b3657 WHIRLPOOL 0ce6bffc0fe2cef28ee74f5862ca6d914ed18fdee18d900608ff2a9983594c707aab3e335957b79dd7e77ae1beed054d8f71965ca0f57fc5f1d41ac06106c5a4
@@ -12,8 +13,10 @@ DIST ngx_http_echo-0.58.tar.gz 64779 SHA256 190fe3977dd1910e82059f30f9baae3da2ee
 DIST ngx_http_fancyindex-0.3.5.tar.gz 14837 SHA256 e0998e83be58bc5787fa9243a76a9d21de3cd01088d3cf63177ba88a562634a1 SHA512 ddb4ab3e8e47e1c49680db3e9f648f7cd582c07f963204105118e61432fa1e80c3f1bce69ed689db383011a9c155184bcc7e931eeae20bbd7cbdb5d4eb35a0a8 WHIRLPOOL a45db854d75f05a59c6f5e67c652850b5410162e7852abda20bb6720d29cc716f25ce7ea93ef52f9ff3f11d6d3a744c1fa4c7a6270fc1bd6d42f6743accb8e73
 DIST ngx_http_headers_more-0.26.tar.gz 28028 SHA256 d6bdc51f9e778a3b23e41a51cae542c1467a1e5e55c1329a7ffc454be084fb6f SHA512 842927de67d28f3cff596607f209d1004b6d49f1d45b861758405ed6fe6f7aab76ad63530ccdfff1c1947db1190dd65dee0a29f50026bfa7a39a9a051561cf88 WHIRLPOOL 0dc37c36717be40a07112388d913d20bc99d76f90604da618d5547f24d93c636c14c2cca18191ff5916b40ec0113da648cfc07e1c00b1853f2b15ce056d5f3d7
 DIST ngx_http_headers_more-0.261.tar.gz 28022 SHA256 03d1f5fbecba8565f247d87a38f5e4b6440b0a56d752bdd2b29af2f1c4aea480 SHA512 252b5adc86f114460a956b38cca448917124523730e95ffc822a953232da9835e5ee663c65077413d655a8887ac692872b5de115e3cf4123463df7a84f759c3f WHIRLPOOL d97828ac45a1641210544a8b3ee21d86a8c2160fa665352992822b9a4cd7b8b48f9816afc124007e73467237a53615bff23a5cfbfad48bd04fefb9843335f1ee
+DIST ngx_http_headers_more-0.28.tar.gz 26948 SHA256 67e5ca6cd9472938333c4530ab8c8b8bc9fe910a8cb237e5e5f1853e14725580 SHA512 ed39930ddb416ab3510c3649f296e55474584bf1e9c9855c2330c0ec04d208865d242f54c55dbac79a4871803197fd930c20396a3b70f0f5fb009318d3c12254 WHIRLPOOL 7c0455c6ac15a033e62126ff8bb246d3d0315a2b18c095bdb0867669daa2387a5dfa4fdfbf038b8392ac4ee42c671a49ac742bd28352b2f5fbcf6fee423df1a2
 DIST ngx_http_lua-0.9.15.tar.gz 520190 SHA256 659fe4c201f4a4ae1007fa029cef472aaa837bf0904babb6158f83b86536c5b7 SHA512 1d809f873ced8e50422298bb4b730b8e7aaf442c11570cbe892fd73a414ff4f6d6eca7be8b2d2dbf57a136136b17d80596ee2f2f195dcb59776e78df5a94ae92 WHIRLPOOL caf128254f99d674eb370779c6e41c0b459be1c5a2baac7df1ff3498a38349bd2c140594eea3eb29c468a366e265421f90363886be73db0b3484cc6f386cb563
 DIST ngx_http_lua-0.9.17.tar.gz 540687 SHA256 68fba0cae22b11314968ba18d811991a95cade992aa76da3768af93d4b83b70f SHA512 3e140dff37443f2b2d9da28c4318741c7e8fb7e5d5f29b51745ed62517d3f5e873e1f86c0ade7e0d637aef0227c8a533699e8525292d8210f2b9eb41b3d7852a WHIRLPOOL a9e1e8a88b7339cb16f2e2f261afb81d175e14edd1b4987e300c7e0541a871a660128996f9b7de746f5846df4ff34d583379e8b9dae0658eca5438b0c146b96a
+DIST ngx_http_lua-0.9.19.tar.gz 542445 SHA256 2b41d4d2627fda76946f194aae6c2b4d89bb59afd792d397c6b481ee82c10eb4 SHA512 9467742c4f5ac164fd33263990bbc5719069a7549413486586406e007156719de77e95944db8201deb2f3e7fc4ce9aa4ada027f89f0e421117dc29018b2fed1c WHIRLPOOL 9853ee88a491fd3844975a8c920032e76f36ed8d7d34033f3a744acb7ed8116fd45efb75a37c918edb912d3c5d203f5c83111ec82b5ab8acdad13632e47df1e8
 DIST ngx_http_naxsi-0.53-2.tar.gz 165690 SHA256 3eadff1d91995beae41b92733ade28091c2075a24ae37058f4d6aa90b0f4b660 SHA512 ada592f5e7f80a6d549cc435ee8720df01a788dc88cf27a7d55521bb7e4c66fa11b9ec28216aff7e13c70a5faf12cb745bd398b8a782ed4dea1eecd04b07e24c WHIRLPOOL c5b736dbe9bd66daf7e023f176a08f78225b61990781d7ad5a55d0f35391df7e05bf1b2623a6227e0355cf0204ef9eac1b9fa03aa62b3c0d6eac515f1213f270
 DIST ngx_http_naxsi-0.54.tar.gz 163809 SHA256 9cc2c09405bc71f78ef26a8b6d70afcea3fccbe8125df70cb0cfc480133daba5 SHA512 91934bfd41495715269cc6e549d17f6da66f2bdd0c9a6821fa9096b694dd3927109c4aad2f8b327620ae7c34f76a0839ac16669cd8c65081bc01fa7f829c1d43 WHIRLPOOL ef68cfecc9849086527c3590744d3c0d73cec830c6cf1ebca63566a7444438757a85d0c79fa552c4763e0416a615f4cf8d99622e2f36d3713b7072138a82f5a8
 DIST ngx_http_push_stream-0.4.1.tar.gz 166928 SHA256 553584f557a3faec73702550e7e1417cbc0021f4f98468cc83e61e9d94def5cc SHA512 3b2289cc3abe6df0ee39360816675a39de1669a284e23770aa04b29e1e5dc73f5d99f3db6c7e8e4895a4abad0602aa64024ec19a2e741e138a70191501f038be WHIRLPOOL 9d203d4a78a3bd189527ebeaf1ff98613ee6a3150ae433efa17ed45dd9f6cb263b2a4c329a6fc2d04c6583ac2beaf24e87e3263d71a910f720b80038c9bc09c2

diff --git a/www-servers/nginx/nginx-1.9.7.ebuild b/www-servers/nginx/nginx-1.9.7.ebuild
new file mode 100644
index 0000000..f13c837
--- /dev/null
+++ b/www-servers/nginx/nginx-1.9.7.ebuild
@@ -0,0 +1,695 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.2.19"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.28"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.3.5"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.9.19"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.4"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.54"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.7"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.58"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.0"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
+
+# mogilefs-module (http://www.grid.net.ru/nginx/mogilefs.en.html, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="http://www.grid.net.ru/nginx/download/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.16"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
+geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi
+split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip gzip_static
+image_filter mp4 perl random_index realip secure_link stub_status sub xslt"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_ajp
+	http_mogilefs
+	http_memc"
+
+IUSE="aio debug +http http2 +http-cache ipv6 libatomic luajit +pcre pcre-jit rtmp
+selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( >=dev-libs/libpcre-4.2 )
+	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+	ssl? ( dev-libs/openssl:0= )
+	http2? ( >=dev-libs/openssl-1.0.1c:0= )
+	http-cache? ( userland_GNU? ( dev-libs/openssl:0= ) )
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+	nginx_modules_http_secure_link? ( userland_GNU? ( dev-libs/openssl:0= ) )
+	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_ajp; then
+		eerror "The AJP module currently doesn't build for nginx >1.8."
+		eerror "It will be reintroduced with the 1.9 series when proven stable."
+		eerror "Either disable it or stick with nginx 1.7.x."
+		die "AJP module not supported"
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	epatch_user
+
+	epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+
+	if use nginx_modules_http_upstream_check; then
+		epatch "${FILESDIR}/check-1.9.2".patch
+	fi
+
+	if use nginx_modules_http_lua; then
+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}"
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+		./configure \
+			--enable-standalone-module \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+	fi
+
+	cd "${S}"
+
+	local myconf=() http_enabled= mail_enabled=
+
+	use aio		  && myconf+=( --with-file-aio )
+	use debug	  && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use ipv6	  && myconf+=( --with-ipv6 )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre	  && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+		if use nginx_modules_http_memc ; then
+				http_enabled=1
+				myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+		fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN}" "--group=${PN} )
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r2 nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 /var/log/nginx ${keepdir_list}
+	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+	# existing installations
+	local fix_perms=0
+
+	for rv in ${REPLACING_VERSIONS} ; do
+		version_compare ${rv} 1.4.1-r2
+		[[ $? -eq 1 ]] && fix_perms=1
+	done
+
+	if [[ $fix_perms -eq 1 ]] ; then
+		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+		ewarn "directories the world-readable bit removed (if set):"
+		ewarn "  ${EPREFIX}/var/log/nginx"
+		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+		ewarn "Check if this is correct for your setup before restarting nginx!"
+		ewarn "This is a one-time change and will not happen on subsequent updates."
+		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+	fi
+
+	# If the nginx user can't change into or read the dir, display a warning.
+	# If su is not available we display the warning nevertheless since we can't check properly
+	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+	if [ $? -ne 0 ] ; then
+		ewarn "Please make sure that the nginx user or group has at least"
+		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+		ewarn "Otherwise you end up with empty log files after a logrotate."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Manuel Rüger]

commit:     497814c88251e3bf296c7e778560c3cfba8d9120
Author:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Tue Feb  2 19:19:04 2016 +0000
Commit:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Tue Feb  2 19:19:04 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=497814c8

www-servers/nginx: Version bump

Gentoo-Bug: 573046

Package-Manager: portage-2.2.27

 www-servers/nginx/Manifest           |   1 +
 www-servers/nginx/nginx-1.8.1.ebuild | 667 +++++++++++++++++++++++++++++++++++
 2 files changed, 668 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 563f535..85b38ef 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,5 +1,6 @@
 DIST modsecurity-2.9.0.tar.gz 4246467 SHA256 e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434 SHA512 1af04f29bf23c51d03cdd3795c530f88b523a645aa02d776a6b23dcbc31decec7cd574919e5c7c7cf82684df2774062de5e465bddbbaf4c01a442c6d49401d3d WHIRLPOOL 1167ba6048a3ca05dcdabf03c67ae12720cca0cec74547fc223ee92ff76b6d5131785fa77b5f16da180e56590c851c192eaf02817b798e4d6f41fa6bfb2735a6
 DIST nginx-1.8.0.tar.gz 832104 SHA256 23cca1239990c818d8f6da118320c4979aadf5386deda691b1b7c2c96b9df3d5 SHA512 3e5d7e1b01839b2638251c47046149450b9b65985e611ef55e5953846e9eb0128c3708c695540ad4dfd0ce5e3060dfecb51213403048fab1a99dd5cea94f0038 WHIRLPOOL e4619e0e0454b86d725a21abe9300ad33ad700c4d577b33f1762b5af796093abd3c7b6afed38301dd0b2a235d6ff47db189b24fd19a5cbc777398bc237ae8534
+DIST nginx-1.8.1.tar.gz 833473 SHA256 8f4b3c630966c044ec72715754334d1fdf741caa1d5795fb4646c27d09f797b7 SHA512 546eba1749af0034cb8b924d2432be2f0e82a75c545aa929391ef7234103c3f29376235a2ef1363b120e1825cda15aeb085a05f9ce3596c88466e112e82aa882 WHIRLPOOL cd399083fb14bdb3498f1cd91a1cb59a73d37f323ce7c2a32500c9443f654cb5449137708cf149a0126aedb77abec9d1eb3dce3121f0b378d7d70e8eb18062af
 DIST nginx-1.9.6.tar.gz 884733 SHA256 ed501fc6d0eff9d3bc1049cc1ba3a3ac8c602de046acb2a4c108392bbfa865ea SHA512 d42199542585dc2c4feeeb5a86462b96ccd008a72a067d9fa83ed6171f098f4f515a62df2b4bf4b169b1aa78eccb6099701caea6a805de784a0f4bfe2ce92716 WHIRLPOOL 137643033860520610d707cb04f262e78e349e27ba6ed3fd5b91c95d4f8aeca49fa96721f58f809f81ed457040aa1c05d7f37400912376bc454829b491dd4983
 DIST nginx-1.9.7.tar.gz 885562 SHA256 794bd217affdfce1c6263d9199c3961f387a2df9d57dcb42876faaf41c1748d5 SHA512 a3fa097164954b10120a0e7dca4b877da17c237f1e3ca47365aedf55ade2fe55b0f072404dcb909636b3afaa2b51f5c45b002b54424bd6b80ab76b835bbcc7de WHIRLPOOL 09a0b002d3cfc4650461c187d9192305208e38d738b2499109c3969c05aa8fb56d60730ab0a207bb64ffad5c450fb994b91a9a3ca1178633901ed236a4f3a245
 DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6

diff --git a/www-servers/nginx/nginx-1.8.1.ebuild b/www-servers/nginx/nginx-1.8.1.ebuild
new file mode 100644
index 0000000..7fadd31
--- /dev/null
+++ b/www-servers/nginx/nginx-1.8.1.ebuild
@@ -0,0 +1,667 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#   * alive upstream
+#   * sane packaging
+#   * builds cleanly
+#   * does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.2.19"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.26"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.3.5"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.9.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.4"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.53-2"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.7"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.57"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.0"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.4.1"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.5"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-bd312d586752"
+
+# mogilefs-module (http://www.grid.net.ru/nginx/mogilefs.en.html, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="http://www.grid.net.ru/nginx/download/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
+geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi
+split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip gzip_static
+image_filter mp4 perl random_index realip secure_link spdy stub_status sub xslt"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_ajp
+	http_mogilefs"
+
+IUSE="aio debug +http +http-cache ipv6 libatomic luajit +pcre pcre-jit rtmp
+selinux ssl userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+CDEPEND="
+	pcre? ( >=dev-libs/libpcre-4.2 )
+	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+	ssl? ( dev-libs/openssl:0= )
+	http-cache? ( userland_GNU? ( dev-libs/openssl:0= ) )
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+	nginx_modules_http_secure_link? ( userland_GNU? ( dev-libs/openssl:0= ) )
+	nginx_modules_http_spdy? ( >=dev-libs/openssl-1.0.1c:0= )
+	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+"
+DEPEND="${CDEPEND}
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_ajp; then
+		eerror "The AJP module currently doesn't build for nginx >1.8."
+		eerror "It will be reintroduced with the 1.9 series when proven stable."
+		eerror "Either disable it or stick with nginx 1.7.x."
+		die "AJP module not supported"
+	fi
+}
+
+src_prepare() {
+	epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+
+	if use nginx_modules_http_upstream_check; then
+		epatch "${FILESDIR}"/check_1.7.2+.patch
+	fi
+
+	if use nginx_modules_http_lua; then
+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	epatch_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}"
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+		./configure \
+			--enable-standalone-module \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+	fi
+
+	cd "${S}"
+
+	local myconf= http_enabled= mail_enabled=
+
+	use aio       && myconf+=" --with-file-aio --with-aio_module"
+	use debug     && myconf+=" --with-debug"
+	use ipv6      && myconf+=" --with-ipv6"
+	use libatomic && myconf+=" --with-libatomic"
+	use pcre      && myconf+=" --with-pcre"
+	use pcre-jit  && myconf+=" --with-pcre-jit"
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=" --without-http_${mod}_module"
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=" --with-http_${mod}_module"
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=" --with-http_realip_module"
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=" --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD}"
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=" --add-module=${HTTP_HEADERS_MORE_MODULE_WD}"
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=" --add-module=${HTTP_CACHE_PURGE_MODULE_WD}"
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=" --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD}"
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=" --add-module=${HTTP_FANCYINDEX_MODULE_WD}"
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=" --add-module=${DEVEL_KIT_MODULE_WD}"
+		myconf+=" --add-module=${HTTP_LUA_MODULE_WD}"
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=" --add-module=${HTTP_AUTH_PAM_MODULE_WD}"
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=" --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD}"
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=" --add-module=${HTTP_METRICS_MODULE_WD}"
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=" --add-module=${HTTP_NAXSI_MODULE_WD}"
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=" --add-module=${RTMP_MODULE_WD}"
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=" --add-module=${HTTP_DAV_EXT_MODULE_WD}"
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=" --add-module=${HTTP_ECHO_MODULE_WD}"
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=" --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity"
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=" --add-module=${HTTP_PUSH_STREAM_MODULE_WD}"
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=" --add-module=${HTTP_STICKY_MODULE_WD}"
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=" --add-module=${HTTP_MOGILEFS_MODULE_WD}"
+	fi
+
+	if use http || use http-cache; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=" --without-http-cache"
+		use ssl && myconf+=" --with-http_ssl_module"
+	else
+		myconf+=" --without-http --without-http-cache"
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=" --without-mail_${mod}_module"
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=" --with-mail"
+		use ssl && myconf+=" --with-mail_ssl_module"
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=" --add-module=${mod}"
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=" --user=${PN} --group=${PN}"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		${myconf} || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r2 nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 /var/log/nginx ${keepdir_list}
+	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+# README.md is still empty
+#	if use nginx_modules_http_metrics; then
+#		docinto ${HTTP_METRICS_MODULE_P}
+#		dodoc "${HTTP_METRICS_MODULE_WD}"/README.md
+#	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_lua && use nginx_modules_http_spdy; then
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua spdy\". For more info, see http://git.io/OldLsg"
+	fi
+
+	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+	# existing installations
+	local fix_perms=0
+
+	for rv in ${REPLACING_VERSIONS} ; do
+		version_compare ${rv} 1.4.1-r2
+		[[ $? -eq 1 ]] && fix_perms=1
+	done
+
+	if [[ $fix_perms -eq 1 ]] ; then
+		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+		ewarn "directories the world-readable bit removed (if set):"
+		ewarn "  ${EPREFIX}/var/log/nginx"
+		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+		ewarn "Check if this is correct for your setup before restarting nginx!"
+		ewarn "This is a one-time change and will not happen on subsequent updates."
+		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+	fi
+
+	# If the nginx user can't change into or read the dir, display a warning.
+	# If su is not available we display the warning nevertheless since we can't check properly
+	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+	if [ $? -ne 0 ] ; then
+		ewarn "Please make sure that the nginx user or group has at least"
+		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+		ewarn "Otherwise you end up with empty log files after a logrotate."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Manuel Rüger]

commit:     da4256a89bf28cc909f803e5e4b0a4748f1cda04
Author:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Tue Feb  2 19:19:47 2016 +0000
Commit:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Tue Feb  2 19:19:47 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=da4256a8

www-servers/nginx: Remove old

Package-Manager: portage-2.2.27

 www-servers/nginx/Manifest           |   3 -
 www-servers/nginx/nginx-1.9.6.ebuild | 695 -----------------------------------
 2 files changed, 698 deletions(-)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 85b38ef..9631b07 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,7 +1,6 @@
 DIST modsecurity-2.9.0.tar.gz 4246467 SHA256 e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434 SHA512 1af04f29bf23c51d03cdd3795c530f88b523a645aa02d776a6b23dcbc31decec7cd574919e5c7c7cf82684df2774062de5e465bddbbaf4c01a442c6d49401d3d WHIRLPOOL 1167ba6048a3ca05dcdabf03c67ae12720cca0cec74547fc223ee92ff76b6d5131785fa77b5f16da180e56590c851c192eaf02817b798e4d6f41fa6bfb2735a6
 DIST nginx-1.8.0.tar.gz 832104 SHA256 23cca1239990c818d8f6da118320c4979aadf5386deda691b1b7c2c96b9df3d5 SHA512 3e5d7e1b01839b2638251c47046149450b9b65985e611ef55e5953846e9eb0128c3708c695540ad4dfd0ce5e3060dfecb51213403048fab1a99dd5cea94f0038 WHIRLPOOL e4619e0e0454b86d725a21abe9300ad33ad700c4d577b33f1762b5af796093abd3c7b6afed38301dd0b2a235d6ff47db189b24fd19a5cbc777398bc237ae8534
 DIST nginx-1.8.1.tar.gz 833473 SHA256 8f4b3c630966c044ec72715754334d1fdf741caa1d5795fb4646c27d09f797b7 SHA512 546eba1749af0034cb8b924d2432be2f0e82a75c545aa929391ef7234103c3f29376235a2ef1363b120e1825cda15aeb085a05f9ce3596c88466e112e82aa882 WHIRLPOOL cd399083fb14bdb3498f1cd91a1cb59a73d37f323ce7c2a32500c9443f654cb5449137708cf149a0126aedb77abec9d1eb3dce3121f0b378d7d70e8eb18062af
-DIST nginx-1.9.6.tar.gz 884733 SHA256 ed501fc6d0eff9d3bc1049cc1ba3a3ac8c602de046acb2a4c108392bbfa865ea SHA512 d42199542585dc2c4feeeb5a86462b96ccd008a72a067d9fa83ed6171f098f4f515a62df2b4bf4b169b1aa78eccb6099701caea6a805de784a0f4bfe2ce92716 WHIRLPOOL 137643033860520610d707cb04f262e78e349e27ba6ed3fd5b91c95d4f8aeca49fa96721f58f809f81ed457040aa1c05d7f37400912376bc454829b491dd4983
 DIST nginx-1.9.7.tar.gz 885562 SHA256 794bd217affdfce1c6263d9199c3961f387a2df9d57dcb42876faaf41c1748d5 SHA512 a3fa097164954b10120a0e7dca4b877da17c237f1e3ca47365aedf55ade2fe55b0f072404dcb909636b3afaa2b51f5c45b002b54424bd6b80ab76b835bbcc7de WHIRLPOOL 09a0b002d3cfc4650461c187d9192305208e38d738b2499109c3969c05aa8fb56d60730ab0a207bb64ffad5c450fb994b91a9a3ca1178633901ed236a4f3a245
 DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
 DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb
@@ -13,10 +12,8 @@ DIST ngx_http_echo-0.57.tar.gz 65073 SHA256 8467237ca0fae74ca7a32fbd34fc6044df30
 DIST ngx_http_echo-0.58.tar.gz 64779 SHA256 190fe3977dd1910e82059f30f9baae3da2ee6e6fb50f18c9bc2605a19dbb9626 SHA512 03bca117b2a7f9fa78450d24b2a25fcf19528a37d842dbd740e9ccf0f3ad6652d9927757f1317441438ec1e474211e2b4c84829015a51c5e25ca9f2dbd3809a0 WHIRLPOOL 0c3623f881cd127d1f3450f6e46456d98501d9d21f5292ec6bae877fa3020adbaae2dbb83f105c8c7eb0273fedd927753238d2399385721167680200c8b51a15
 DIST ngx_http_fancyindex-0.3.5.tar.gz 14837 SHA256 e0998e83be58bc5787fa9243a76a9d21de3cd01088d3cf63177ba88a562634a1 SHA512 ddb4ab3e8e47e1c49680db3e9f648f7cd582c07f963204105118e61432fa1e80c3f1bce69ed689db383011a9c155184bcc7e931eeae20bbd7cbdb5d4eb35a0a8 WHIRLPOOL a45db854d75f05a59c6f5e67c652850b5410162e7852abda20bb6720d29cc716f25ce7ea93ef52f9ff3f11d6d3a744c1fa4c7a6270fc1bd6d42f6743accb8e73
 DIST ngx_http_headers_more-0.26.tar.gz 28028 SHA256 d6bdc51f9e778a3b23e41a51cae542c1467a1e5e55c1329a7ffc454be084fb6f SHA512 842927de67d28f3cff596607f209d1004b6d49f1d45b861758405ed6fe6f7aab76ad63530ccdfff1c1947db1190dd65dee0a29f50026bfa7a39a9a051561cf88 WHIRLPOOL 0dc37c36717be40a07112388d913d20bc99d76f90604da618d5547f24d93c636c14c2cca18191ff5916b40ec0113da648cfc07e1c00b1853f2b15ce056d5f3d7
-DIST ngx_http_headers_more-0.261.tar.gz 28022 SHA256 03d1f5fbecba8565f247d87a38f5e4b6440b0a56d752bdd2b29af2f1c4aea480 SHA512 252b5adc86f114460a956b38cca448917124523730e95ffc822a953232da9835e5ee663c65077413d655a8887ac692872b5de115e3cf4123463df7a84f759c3f WHIRLPOOL d97828ac45a1641210544a8b3ee21d86a8c2160fa665352992822b9a4cd7b8b48f9816afc124007e73467237a53615bff23a5cfbfad48bd04fefb9843335f1ee
 DIST ngx_http_headers_more-0.28.tar.gz 26948 SHA256 67e5ca6cd9472938333c4530ab8c8b8bc9fe910a8cb237e5e5f1853e14725580 SHA512 ed39930ddb416ab3510c3649f296e55474584bf1e9c9855c2330c0ec04d208865d242f54c55dbac79a4871803197fd930c20396a3b70f0f5fb009318d3c12254 WHIRLPOOL 7c0455c6ac15a033e62126ff8bb246d3d0315a2b18c095bdb0867669daa2387a5dfa4fdfbf038b8392ac4ee42c671a49ac742bd28352b2f5fbcf6fee423df1a2
 DIST ngx_http_lua-0.9.15.tar.gz 520190 SHA256 659fe4c201f4a4ae1007fa029cef472aaa837bf0904babb6158f83b86536c5b7 SHA512 1d809f873ced8e50422298bb4b730b8e7aaf442c11570cbe892fd73a414ff4f6d6eca7be8b2d2dbf57a136136b17d80596ee2f2f195dcb59776e78df5a94ae92 WHIRLPOOL caf128254f99d674eb370779c6e41c0b459be1c5a2baac7df1ff3498a38349bd2c140594eea3eb29c468a366e265421f90363886be73db0b3484cc6f386cb563
-DIST ngx_http_lua-0.9.17.tar.gz 540687 SHA256 68fba0cae22b11314968ba18d811991a95cade992aa76da3768af93d4b83b70f SHA512 3e140dff37443f2b2d9da28c4318741c7e8fb7e5d5f29b51745ed62517d3f5e873e1f86c0ade7e0d637aef0227c8a533699e8525292d8210f2b9eb41b3d7852a WHIRLPOOL a9e1e8a88b7339cb16f2e2f261afb81d175e14edd1b4987e300c7e0541a871a660128996f9b7de746f5846df4ff34d583379e8b9dae0658eca5438b0c146b96a
 DIST ngx_http_lua-0.9.19.tar.gz 542445 SHA256 2b41d4d2627fda76946f194aae6c2b4d89bb59afd792d397c6b481ee82c10eb4 SHA512 9467742c4f5ac164fd33263990bbc5719069a7549413486586406e007156719de77e95944db8201deb2f3e7fc4ce9aa4ada027f89f0e421117dc29018b2fed1c WHIRLPOOL 9853ee88a491fd3844975a8c920032e76f36ed8d7d34033f3a744acb7ed8116fd45efb75a37c918edb912d3c5d203f5c83111ec82b5ab8acdad13632e47df1e8
 DIST ngx_http_naxsi-0.53-2.tar.gz 165690 SHA256 3eadff1d91995beae41b92733ade28091c2075a24ae37058f4d6aa90b0f4b660 SHA512 ada592f5e7f80a6d549cc435ee8720df01a788dc88cf27a7d55521bb7e4c66fa11b9ec28216aff7e13c70a5faf12cb745bd398b8a782ed4dea1eecd04b07e24c WHIRLPOOL c5b736dbe9bd66daf7e023f176a08f78225b61990781d7ad5a55d0f35391df7e05bf1b2623a6227e0355cf0204ef9eac1b9fa03aa62b3c0d6eac515f1213f270
 DIST ngx_http_naxsi-0.54.tar.gz 163809 SHA256 9cc2c09405bc71f78ef26a8b6d70afcea3fccbe8125df70cb0cfc480133daba5 SHA512 91934bfd41495715269cc6e549d17f6da66f2bdd0c9a6821fa9096b694dd3927109c4aad2f8b327620ae7c34f76a0839ac16669cd8c65081bc01fa7f829c1d43 WHIRLPOOL ef68cfecc9849086527c3590744d3c0d73cec830c6cf1ebca63566a7444438757a85d0c79fa552c4763e0416a615f4cf8d99622e2f36d3713b7072138a82f5a8

diff --git a/www-servers/nginx/nginx-1.9.6.ebuild b/www-servers/nginx/nginx-1.9.6.ebuild
deleted file mode 100644
index e82d214..0000000
--- a/www-servers/nginx/nginx-1.9.6.ebuild
+++ /dev/null
@@ -1,695 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.261"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.5"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.9.17"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.4"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.54"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.58"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.0"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
-
-# mogilefs-module (http://www.grid.net.ru/nginx/mogilefs.en.html, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="http://www.grid.net.ru/nginx/download/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.16"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
-geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi
-split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip gzip_static
-image_filter mp4 perl random_index realip secure_link stub_status sub xslt"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_ajp
-	http_mogilefs
-	http_memc"
-
-IUSE="aio debug +http http2 +http-cache ipv6 libatomic luajit +pcre pcre-jit rtmp
-selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( >=dev-libs/libpcre-4.2 )
-	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
-	ssl? ( dev-libs/openssl:0= )
-	http2? ( >=dev-libs/openssl-1.0.1c:0= )
-	http-cache? ( userland_GNU? ( dev-libs/openssl:0= ) )
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
-	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
-	nginx_modules_http_secure_link? ( userland_GNU? ( dev-libs/openssl:0= ) )
-	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_ajp; then
-		eerror "The AJP module currently doesn't build for nginx >1.8."
-		eerror "It will be reintroduced with the 1.9 series when proven stable."
-		eerror "Either disable it or stick with nginx 1.7.x."
-		die "AJP module not supported"
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	epatch_user
-
-	epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
-	if use nginx_modules_http_upstream_check; then
-		epatch "${FILESDIR}/check-1.9.2".patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}"
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-		./configure \
-			--enable-standalone-module \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-	fi
-
-	cd "${S}"
-
-	local myconf=() http_enabled= mail_enabled=
-
-	use aio		  && myconf+=( --with-file-aio )
-	use debug	  && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use ipv6	  && myconf+=( --with-ipv6 )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre	  && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-		if use nginx_modules_http_memc ; then
-				http_enabled=1
-				myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-		fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN}" "--group=${PN} )
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r2 nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 /var/log/nginx ${keepdir_list}
-	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
-	# existing installations
-	local fix_perms=0
-
-	for rv in ${REPLACING_VERSIONS} ; do
-		version_compare ${rv} 1.4.1-r2
-		[[ $? -eq 1 ]] && fix_perms=1
-	done
-
-	if [[ $fix_perms -eq 1 ]] ; then
-		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
-		ewarn "directories the world-readable bit removed (if set):"
-		ewarn "  ${EPREFIX}/var/log/nginx"
-		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-		ewarn "Check if this is correct for your setup before restarting nginx!"
-		ewarn "This is a one-time change and will not happen on subsequent updates."
-		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
-		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
-	fi
-
-	# If the nginx user can't change into or read the dir, display a warning.
-	# If su is not available we display the warning nevertheless since we can't check properly
-	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
-	if [ $? -ne 0 ] ; then
-		ewarn "Please make sure that the nginx user or group has at least"
-		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
-		ewarn "Otherwise you end up with empty log files after a logrotate."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Agostino Sarubbo]

commit:     fda3d5a510f8c6380d5a4e492c75b83c0cc5cb9a
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Feb  3 16:52:55 2016 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Feb  3 16:52:55 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fda3d5a5

www-servers/nginx: amd64 stable wrt bug #573046

Package-Manager: portage-2.2.26
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 www-servers/nginx/nginx-1.8.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www-servers/nginx/nginx-1.8.1.ebuild b/www-servers/nginx/nginx-1.8.1.ebuild
index 7fadd31..74737b9 100644
--- a/www-servers/nginx/nginx-1.8.1.ebuild
+++ b/www-servers/nginx/nginx-1.8.1.ebuild
@@ -155,7 +155,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
 	nginx_modules_http_push_stream? ( GPL-3 )"
 
 SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
 
 NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
 geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Agostino Sarubbo]

commit:     8ef7fbabc4133dd8f5bb0d6222b6ddedae5ccd94
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Feb  3 16:54:31 2016 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Feb  3 16:54:31 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8ef7fbab

www-servers/nginx: x86 stable wrt bug #573046

Package-Manager: portage-2.2.26
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 www-servers/nginx/nginx-1.8.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www-servers/nginx/nginx-1.8.1.ebuild b/www-servers/nginx/nginx-1.8.1.ebuild
index 74737b9..e75a805 100644
--- a/www-servers/nginx/nginx-1.8.1.ebuild
+++ b/www-servers/nginx/nginx-1.8.1.ebuild
@@ -155,7 +155,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
 	nginx_modules_http_push_stream? ( GPL-3 )"
 
 SLOT="0"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc x86 ~x86-fbsd ~amd64-linux ~x86-linux"
 
 NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
 geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Manuel Rüger]

commit:     850bf24442a7f7e43a0b5a5a1c877c6b98128fb2
Author:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Wed Feb  3 21:13:13 2016 +0000
Commit:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Wed Feb  3 21:13:13 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=850bf244

www-servers/nginx: Remove old

Package-Manager: portage-2.2.27

 www-servers/nginx/Manifest           |   1 -
 www-servers/nginx/nginx-1.8.0.ebuild | 667 -----------------------------------
 2 files changed, 668 deletions(-)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 9631b07..bd04b04 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,5 +1,4 @@
 DIST modsecurity-2.9.0.tar.gz 4246467 SHA256 e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434 SHA512 1af04f29bf23c51d03cdd3795c530f88b523a645aa02d776a6b23dcbc31decec7cd574919e5c7c7cf82684df2774062de5e465bddbbaf4c01a442c6d49401d3d WHIRLPOOL 1167ba6048a3ca05dcdabf03c67ae12720cca0cec74547fc223ee92ff76b6d5131785fa77b5f16da180e56590c851c192eaf02817b798e4d6f41fa6bfb2735a6
-DIST nginx-1.8.0.tar.gz 832104 SHA256 23cca1239990c818d8f6da118320c4979aadf5386deda691b1b7c2c96b9df3d5 SHA512 3e5d7e1b01839b2638251c47046149450b9b65985e611ef55e5953846e9eb0128c3708c695540ad4dfd0ce5e3060dfecb51213403048fab1a99dd5cea94f0038 WHIRLPOOL e4619e0e0454b86d725a21abe9300ad33ad700c4d577b33f1762b5af796093abd3c7b6afed38301dd0b2a235d6ff47db189b24fd19a5cbc777398bc237ae8534
 DIST nginx-1.8.1.tar.gz 833473 SHA256 8f4b3c630966c044ec72715754334d1fdf741caa1d5795fb4646c27d09f797b7 SHA512 546eba1749af0034cb8b924d2432be2f0e82a75c545aa929391ef7234103c3f29376235a2ef1363b120e1825cda15aeb085a05f9ce3596c88466e112e82aa882 WHIRLPOOL cd399083fb14bdb3498f1cd91a1cb59a73d37f323ce7c2a32500c9443f654cb5449137708cf149a0126aedb77abec9d1eb3dce3121f0b378d7d70e8eb18062af
 DIST nginx-1.9.7.tar.gz 885562 SHA256 794bd217affdfce1c6263d9199c3961f387a2df9d57dcb42876faaf41c1748d5 SHA512 a3fa097164954b10120a0e7dca4b877da17c237f1e3ca47365aedf55ade2fe55b0f072404dcb909636b3afaa2b51f5c45b002b54424bd6b80ab76b835bbcc7de WHIRLPOOL 09a0b002d3cfc4650461c187d9192305208e38d738b2499109c3969c05aa8fb56d60730ab0a207bb64ffad5c450fb994b91a9a3ca1178633901ed236a4f3a245
 DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6

diff --git a/www-servers/nginx/nginx-1.8.0.ebuild b/www-servers/nginx/nginx-1.8.0.ebuild
deleted file mode 100644
index fca2b10..0000000
--- a/www-servers/nginx/nginx-1.8.0.ebuild
+++ /dev/null
@@ -1,667 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#   * alive upstream
-#   * sane packaging
-#   * builds cleanly
-#   * does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.26"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.5"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.9.15"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.4"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.53-2"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.57"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.0"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.4.1"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.5"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-bd312d586752"
-
-# mogilefs-module (http://www.grid.net.ru/nginx/mogilefs.en.html, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="http://www.grid.net.ru/nginx/download/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
-geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi
-split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip gzip_static
-image_filter mp4 perl random_index realip secure_link spdy stub_status sub xslt"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_ajp
-	http_mogilefs"
-
-IUSE="aio debug +http +http-cache ipv6 libatomic luajit +pcre pcre-jit rtmp
-selinux ssl userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-CDEPEND="
-	pcre? ( >=dev-libs/libpcre-4.2 )
-	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
-	ssl? ( dev-libs/openssl:0= )
-	http-cache? ( userland_GNU? ( dev-libs/openssl:0= ) )
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
-	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
-	nginx_modules_http_secure_link? ( userland_GNU? ( dev-libs/openssl:0= ) )
-	nginx_modules_http_spdy? ( >=dev-libs/openssl-1.0.1c:0= )
-	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-"
-DEPEND="${CDEPEND}
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_ajp; then
-		eerror "The AJP module currently doesn't build for nginx >1.8."
-		eerror "It will be reintroduced with the 1.9 series when proven stable."
-		eerror "Either disable it or stick with nginx 1.7.x."
-		die "AJP module not supported"
-	fi
-}
-
-src_prepare() {
-	epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
-	if use nginx_modules_http_upstream_check; then
-		epatch "${FILESDIR}"/check_1.7.2+.patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	epatch_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}"
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-		./configure \
-			--enable-standalone-module \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-	fi
-
-	cd "${S}"
-
-	local myconf= http_enabled= mail_enabled=
-
-	use aio       && myconf+=" --with-file-aio --with-aio_module"
-	use debug     && myconf+=" --with-debug"
-	use ipv6      && myconf+=" --with-ipv6"
-	use libatomic && myconf+=" --with-libatomic"
-	use pcre      && myconf+=" --with-pcre"
-	use pcre-jit  && myconf+=" --with-pcre-jit"
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=" --without-http_${mod}_module"
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=" --with-http_${mod}_module"
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=" --with-http_realip_module"
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_HEADERS_MORE_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_CACHE_PURGE_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_FANCYINDEX_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=" --add-module=${DEVEL_KIT_MODULE_WD}"
-		myconf+=" --add-module=${HTTP_LUA_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_AUTH_PAM_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_METRICS_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_NAXSI_MODULE_WD}"
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=" --add-module=${RTMP_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_DAV_EXT_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_ECHO_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity"
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_PUSH_STREAM_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_STICKY_MODULE_WD}"
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=" --add-module=${HTTP_MOGILEFS_MODULE_WD}"
-	fi
-
-	if use http || use http-cache; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=" --without-http-cache"
-		use ssl && myconf+=" --with-http_ssl_module"
-	else
-		myconf+=" --without-http --without-http-cache"
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=" --without-mail_${mod}_module"
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=" --with-mail"
-		use ssl && myconf+=" --with-mail_ssl_module"
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=" --add-module=${mod}"
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=" --user=${PN} --group=${PN}"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		${myconf} || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r2 nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 /var/log/nginx ${keepdir_list}
-	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-# README.md is still empty
-#	if use nginx_modules_http_metrics; then
-#		docinto ${HTTP_METRICS_MODULE_P}
-#		dodoc "${HTTP_METRICS_MODULE_WD}"/README.md
-#	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_lua && use nginx_modules_http_spdy; then
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua spdy\". For more info, see http://git.io/OldLsg"
-	fi
-
-	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
-	# existing installations
-	local fix_perms=0
-
-	for rv in ${REPLACING_VERSIONS} ; do
-		version_compare ${rv} 1.4.1-r2
-		[[ $? -eq 1 ]] && fix_perms=1
-	done
-
-	if [[ $fix_perms -eq 1 ]] ; then
-		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
-		ewarn "directories the world-readable bit removed (if set):"
-		ewarn "  ${EPREFIX}/var/log/nginx"
-		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-		ewarn "Check if this is correct for your setup before restarting nginx!"
-		ewarn "This is a one-time change and will not happen on subsequent updates."
-		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
-		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
-	fi
-
-	# If the nginx user can't change into or read the dir, display a warning.
-	# If su is not available we display the warning nevertheless since we can't check properly
-	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
-	if [ $? -ne 0 ] ; then
-		ewarn "Please make sure that the nginx user or group has at least"
-		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
-		ewarn "Otherwise you end up with empty log files after a logrotate."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Manuel Rüger]

commit:     f9987f337ea7cf08ada9dc9028a0a4d2de708a66
Author:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Wed Feb  3 21:48:30 2016 +0000
Commit:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Wed Feb  3 21:48:30 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f9987f33

www-servers/nginx: Version bump

Package-Manager: portage-2.2.27

 www-servers/nginx/Manifest            |   1 +
 www-servers/nginx/nginx-1.9.10.ebuild | 695 ++++++++++++++++++++++++++++++++++
 2 files changed, 696 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index bd04b04..570f2b5 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,5 +1,6 @@
 DIST modsecurity-2.9.0.tar.gz 4246467 SHA256 e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434 SHA512 1af04f29bf23c51d03cdd3795c530f88b523a645aa02d776a6b23dcbc31decec7cd574919e5c7c7cf82684df2774062de5e465bddbbaf4c01a442c6d49401d3d WHIRLPOOL 1167ba6048a3ca05dcdabf03c67ae12720cca0cec74547fc223ee92ff76b6d5131785fa77b5f16da180e56590c851c192eaf02817b798e4d6f41fa6bfb2735a6
 DIST nginx-1.8.1.tar.gz 833473 SHA256 8f4b3c630966c044ec72715754334d1fdf741caa1d5795fb4646c27d09f797b7 SHA512 546eba1749af0034cb8b924d2432be2f0e82a75c545aa929391ef7234103c3f29376235a2ef1363b120e1825cda15aeb085a05f9ce3596c88466e112e82aa882 WHIRLPOOL cd399083fb14bdb3498f1cd91a1cb59a73d37f323ce7c2a32500c9443f654cb5449137708cf149a0126aedb77abec9d1eb3dce3121f0b378d7d70e8eb18062af
+DIST nginx-1.9.10.tar.gz 889267 SHA256 fb14d76844cab0a5a0880768be28965e74f9956790f618c454ef6098e26631d9 SHA512 60a736afe98e46abeb572c938702b09b0098164584bf8b5c1978c2b83269b6c2b99a60b7c8c9482230c26eebaeeb684f3aa7db52af4d7a3c18434542730873e0 WHIRLPOOL 8f285f6d4c4f7e312791d7dc6fc072dbb1207315fcb7facac0ce958389473641de2f2c2cd03cfd11c0df3a16abd84522bb150090b561a46752e8b6317363fbeb
 DIST nginx-1.9.7.tar.gz 885562 SHA256 794bd217affdfce1c6263d9199c3961f387a2df9d57dcb42876faaf41c1748d5 SHA512 a3fa097164954b10120a0e7dca4b877da17c237f1e3ca47365aedf55ade2fe55b0f072404dcb909636b3afaa2b51f5c45b002b54424bd6b80ab76b835bbcc7de WHIRLPOOL 09a0b002d3cfc4650461c187d9192305208e38d738b2499109c3969c05aa8fb56d60730ab0a207bb64ffad5c450fb994b91a9a3ca1178633901ed236a4f3a245
 DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
 DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb

diff --git a/www-servers/nginx/nginx-1.9.10.ebuild b/www-servers/nginx/nginx-1.9.10.ebuild
new file mode 100644
index 0000000..6c88b32
--- /dev/null
+++ b/www-servers/nginx/nginx-1.9.10.ebuild
@@ -0,0 +1,695 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.2.19"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.28"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.3.5"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.9.19"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.4"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.54"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.7"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.58"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.0"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
+
+# mogilefs-module (http://www.grid.net.ru/nginx/mogilefs.en.html, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="http://www.grid.net.ru/nginx/download/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.16"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
+geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi
+split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip gzip_static
+image_filter mp4 perl random_index realip secure_link stub_status sub xslt"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_ajp
+	http_mogilefs
+	http_memc"
+
+IUSE="aio debug +http http2 +http-cache ipv6 libatomic luajit +pcre pcre-jit rtmp
+selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( >=dev-libs/libpcre-4.2 )
+	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+	ssl? ( dev-libs/openssl:0= )
+	http2? ( >=dev-libs/openssl-1.0.1c:0= )
+	http-cache? ( userland_GNU? ( dev-libs/openssl:0= ) )
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+	nginx_modules_http_secure_link? ( userland_GNU? ( dev-libs/openssl:0= ) )
+	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_ajp; then
+		eerror "The AJP module currently doesn't build for nginx >1.8."
+		eerror "It will be reintroduced with the 1.9 series when proven stable."
+		eerror "Either disable it or stick with nginx 1.7.x."
+		die "AJP module not supported"
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	epatch_user
+
+	epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+
+	if use nginx_modules_http_upstream_check; then
+		epatch "${FILESDIR}/check-1.9.2".patch
+	fi
+
+	if use nginx_modules_http_lua; then
+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}"
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+		./configure \
+			--enable-standalone-module \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+	fi
+
+	cd "${S}"
+
+	local myconf=() http_enabled= mail_enabled=
+
+	use aio		  && myconf+=( --with-file-aio )
+	use debug	  && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use ipv6	  && myconf+=( --with-ipv6 )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre	  && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+		if use nginx_modules_http_memc ; then
+				http_enabled=1
+				myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+		fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN}" "--group=${PN} )
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r2 nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 /var/log/nginx ${keepdir_list}
+	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+	# existing installations
+	local fix_perms=0
+
+	for rv in ${REPLACING_VERSIONS} ; do
+		version_compare ${rv} 1.4.1-r2
+		[[ $? -eq 1 ]] && fix_perms=1
+	done
+
+	if [[ $fix_perms -eq 1 ]] ; then
+		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+		ewarn "directories the world-readable bit removed (if set):"
+		ewarn "  ${EPREFIX}/var/log/nginx"
+		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+		ewarn "Check if this is correct for your setup before restarting nginx!"
+		ewarn "This is a one-time change and will not happen on subsequent updates."
+		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+	fi
+
+	# If the nginx user can't change into or read the dir, display a warning.
+	# If su is not available we display the warning nevertheless since we can't check properly
+	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+	if [ $? -ne 0 ] ; then
+		ewarn "Please make sure that the nginx user or group has at least"
+		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+		ewarn "Otherwise you end up with empty log files after a logrotate."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Manuel Rüger]

commit:     a7eeee6e1ea7e9086bafd5fb4dea24b3d7828d22
Author:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Wed Feb  3 21:49:03 2016 +0000
Commit:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Wed Feb  3 21:49:03 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a7eeee6e

www-servers/nginx: Remove vulnerable

Gentoo-Bugs: 573046

Package-Manager: portage-2.2.27

 www-servers/nginx/Manifest           |   1 -
 www-servers/nginx/nginx-1.9.7.ebuild | 695 -----------------------------------
 2 files changed, 696 deletions(-)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 570f2b5..d1766ab 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,7 +1,6 @@
 DIST modsecurity-2.9.0.tar.gz 4246467 SHA256 e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434 SHA512 1af04f29bf23c51d03cdd3795c530f88b523a645aa02d776a6b23dcbc31decec7cd574919e5c7c7cf82684df2774062de5e465bddbbaf4c01a442c6d49401d3d WHIRLPOOL 1167ba6048a3ca05dcdabf03c67ae12720cca0cec74547fc223ee92ff76b6d5131785fa77b5f16da180e56590c851c192eaf02817b798e4d6f41fa6bfb2735a6
 DIST nginx-1.8.1.tar.gz 833473 SHA256 8f4b3c630966c044ec72715754334d1fdf741caa1d5795fb4646c27d09f797b7 SHA512 546eba1749af0034cb8b924d2432be2f0e82a75c545aa929391ef7234103c3f29376235a2ef1363b120e1825cda15aeb085a05f9ce3596c88466e112e82aa882 WHIRLPOOL cd399083fb14bdb3498f1cd91a1cb59a73d37f323ce7c2a32500c9443f654cb5449137708cf149a0126aedb77abec9d1eb3dce3121f0b378d7d70e8eb18062af
 DIST nginx-1.9.10.tar.gz 889267 SHA256 fb14d76844cab0a5a0880768be28965e74f9956790f618c454ef6098e26631d9 SHA512 60a736afe98e46abeb572c938702b09b0098164584bf8b5c1978c2b83269b6c2b99a60b7c8c9482230c26eebaeeb684f3aa7db52af4d7a3c18434542730873e0 WHIRLPOOL 8f285f6d4c4f7e312791d7dc6fc072dbb1207315fcb7facac0ce958389473641de2f2c2cd03cfd11c0df3a16abd84522bb150090b561a46752e8b6317363fbeb
-DIST nginx-1.9.7.tar.gz 885562 SHA256 794bd217affdfce1c6263d9199c3961f387a2df9d57dcb42876faaf41c1748d5 SHA512 a3fa097164954b10120a0e7dca4b877da17c237f1e3ca47365aedf55ade2fe55b0f072404dcb909636b3afaa2b51f5c45b002b54424bd6b80ab76b835bbcc7de WHIRLPOOL 09a0b002d3cfc4650461c187d9192305208e38d738b2499109c3969c05aa8fb56d60730ab0a207bb64ffad5c450fb994b91a9a3ca1178633901ed236a4f3a245
 DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
 DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb
 DIST ngx_devel_kit-0.2.19-r1.tar.gz 65029 SHA256 501f299abdb81b992a980bda182e5de5a4b2b3e275fbf72ee34dd7ae84c4b679 SHA512 915954acf16a27fbd3c93c154012d38e864f1d8dfd51cde401bba26e46eb3e3c778ec4c92f4f8ed83ac001e96cee72765554d0e4da06acf6a4be5184b23b3657 WHIRLPOOL 0ce6bffc0fe2cef28ee74f5862ca6d914ed18fdee18d900608ff2a9983594c707aab3e335957b79dd7e77ae1beed054d8f71965ca0f57fc5f1d41ac06106c5a4

diff --git a/www-servers/nginx/nginx-1.9.7.ebuild b/www-servers/nginx/nginx-1.9.7.ebuild
deleted file mode 100644
index f13c837..0000000
--- a/www-servers/nginx/nginx-1.9.7.ebuild
+++ /dev/null
@@ -1,695 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.28"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.5"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.9.19"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.4"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.54"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.58"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.0"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
-
-# mogilefs-module (http://www.grid.net.ru/nginx/mogilefs.en.html, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="http://www.grid.net.ru/nginx/download/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.16"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
-geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi
-split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip gzip_static
-image_filter mp4 perl random_index realip secure_link stub_status sub xslt"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_ajp
-	http_mogilefs
-	http_memc"
-
-IUSE="aio debug +http http2 +http-cache ipv6 libatomic luajit +pcre pcre-jit rtmp
-selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( >=dev-libs/libpcre-4.2 )
-	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
-	ssl? ( dev-libs/openssl:0= )
-	http2? ( >=dev-libs/openssl-1.0.1c:0= )
-	http-cache? ( userland_GNU? ( dev-libs/openssl:0= ) )
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
-	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
-	nginx_modules_http_secure_link? ( userland_GNU? ( dev-libs/openssl:0= ) )
-	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_ajp; then
-		eerror "The AJP module currently doesn't build for nginx >1.8."
-		eerror "It will be reintroduced with the 1.9 series when proven stable."
-		eerror "Either disable it or stick with nginx 1.7.x."
-		die "AJP module not supported"
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	epatch_user
-
-	epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
-	if use nginx_modules_http_upstream_check; then
-		epatch "${FILESDIR}/check-1.9.2".patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}"
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-		./configure \
-			--enable-standalone-module \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-	fi
-
-	cd "${S}"
-
-	local myconf=() http_enabled= mail_enabled=
-
-	use aio		  && myconf+=( --with-file-aio )
-	use debug	  && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use ipv6	  && myconf+=( --with-ipv6 )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre	  && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-		if use nginx_modules_http_memc ; then
-				http_enabled=1
-				myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-		fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN}" "--group=${PN} )
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r2 nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 /var/log/nginx ${keepdir_list}
-	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
-	# existing installations
-	local fix_perms=0
-
-	for rv in ${REPLACING_VERSIONS} ; do
-		version_compare ${rv} 1.4.1-r2
-		[[ $? -eq 1 ]] && fix_perms=1
-	done
-
-	if [[ $fix_perms -eq 1 ]] ; then
-		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
-		ewarn "directories the world-readable bit removed (if set):"
-		ewarn "  ${EPREFIX}/var/log/nginx"
-		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-		ewarn "Check if this is correct for your setup before restarting nginx!"
-		ewarn "This is a one-time change and will not happen on subsequent updates."
-		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
-		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
-	fi
-
-	# If the nginx user can't change into or read the dir, display a warning.
-	# If su is not available we display the warning nevertheless since we can't check properly
-	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
-	if [ $? -ne 0 ] ; then
-		ewarn "Please make sure that the nginx user or group has at least"
-		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
-		ewarn "Otherwise you end up with empty log files after a logrotate."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Manuel Rüger]

commit:     36b28f5aeb2c1684a2f9346abfecb77c03f21a83
Author:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Sat Feb  6 14:58:59 2016 +0000
Commit:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Sat Feb  6 14:58:59 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=36b28f5a

www-servers/nginx: Fix typo in configure option

Package-Manager: portage-2.2.27

 www-servers/nginx/nginx-1.9.10-r2.ebuild | 758 +++++++++++++++++++++++++++++++
 1 file changed, 758 insertions(+)

diff --git a/www-servers/nginx/nginx-1.9.10-r2.ebuild b/www-servers/nginx/nginx-1.9.10-r2.ebuild
new file mode 100644
index 0000000..04ab250
--- /dev/null
+++ b/www-servers/nginx/nginx-1.9.10-r2.ebuild
@@ -0,0 +1,758 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.2.19"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.29"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.3.5"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.0"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.4"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.54"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.7"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.58"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.0"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.16"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="d0f2f829f708792ee97a9241c9c6ffd33c47c7c1"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+	rewrite scgi slice ssi split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	stub_status sub xslt"
+NGINX_MODULES_STREAM="access limit_conn upstream"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_ajp
+	http_mogilefs
+	http_memc
+	http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( >=dev-libs/libpcre-4.2 )
+	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_ajp; then
+		eerror "The AJP module currently doesn't build for nginx >1.8."
+		eerror "It will be reintroduced with the 1.9 series when proven stable."
+		eerror "Either disable it or stick with nginx 1.7.x."
+		die "AJP module not supported"
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	epatch_user
+
+	epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+
+	if use nginx_modules_http_upstream_check; then
+		epatch "${FILESDIR}/check-1.9.2".patch
+	fi
+
+	if use nginx_modules_http_lua; then
+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}"
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+		./configure \
+			--enable-standalone-module \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+	fi
+
+	cd "${S}"
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use ipv6      && myconf+=( --with-ipv6 )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			# Treat stream upstream slightly differently
+			if ! use nginx_modules_stream_upstream; then
+				myconf+=( --without-stream_upstream_hash_module )
+				myconf+=( --without-stream_upstream_least_conn_module )
+				myconf+=( --without-stream_upstream_zone_module )
+			else
+				myconf+=( --without-stream_${stream}_module )
+			fi
+		fi
+	done
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN}" "--group=${PN} )
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r2 nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 /var/log/nginx ${keepdir_list}
+	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+	# existing installations
+	local fix_perms=0
+
+	for rv in ${REPLACING_VERSIONS} ; do
+		version_compare ${rv} 1.4.1-r2
+		[[ $? -eq 1 ]] && fix_perms=1
+	done
+
+	if [[ $fix_perms -eq 1 ]] ; then
+		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+		ewarn "directories the world-readable bit removed (if set):"
+		ewarn "  ${EPREFIX}/var/log/nginx"
+		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+		ewarn "Check if this is correct for your setup before restarting nginx!"
+		ewarn "This is a one-time change and will not happen on subsequent updates."
+		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+	fi
+
+	# If the nginx user can't change into or read the dir, display a warning.
+	# If su is not available we display the warning nevertheless since we can't check properly
+	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+	if [ $? -ne 0 ] ; then
+		ewarn "Please make sure that the nginx user or group has at least"
+		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+		ewarn "Otherwise you end up with empty log files after a logrotate."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Manuel Rüger]

commit:     cd04ea1d698e2596af0004fed7a79d6cb7ab1e1b
Author:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Sat Feb  6 14:59:35 2016 +0000
Commit:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Sat Feb  6 15:30:59 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cd04ea1d

www-servers/nginx: Remove old

Package-Manager: portage-2.2.27

 www-servers/nginx/nginx-1.9.10-r1.ebuild | 758 -------------------------------
 1 file changed, 758 deletions(-)

diff --git a/www-servers/nginx/nginx-1.9.10-r1.ebuild b/www-servers/nginx/nginx-1.9.10-r1.ebuild
deleted file mode 100644
index 2d4504b..0000000
--- a/www-servers/nginx/nginx-1.9.10-r1.ebuild
+++ /dev/null
@@ -1,758 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.29"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.5"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.0"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.4"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.54"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.58"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.0"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.16"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="d0f2f829f708792ee97a9241c9c6ffd33c47c7c1"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
-	rewrite scgi slice ssi split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	stub_status sub xslt"
-NGINX_MODULES_STREAM="access limit_conn upstream"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_ajp
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( >=dev-libs/libpcre-4.2 )
-	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
-	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_ajp; then
-		eerror "The AJP module currently doesn't build for nginx >1.8."
-		eerror "It will be reintroduced with the 1.9 series when proven stable."
-		eerror "Either disable it or stick with nginx 1.7.x."
-		die "AJP module not supported"
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	epatch_user
-
-	epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
-	if use nginx_modules_http_upstream_check; then
-		epatch "${FILESDIR}/check-1.9.2".patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}"
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-		./configure \
-			--enable-standalone-module \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-	fi
-
-	cd "${S}"
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use ipv6      && myconf+=( --with-ipv6 )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			# Treat stream upstream slightly differently
-			if ! use nginx_modules_stream_upstream; then
-				myconf+=( --without_stream_upstream_hash_module )
-				myconf+=( --without-stream_upstream_least_conn_module )
-				myconf+=( --without-stream_upstream_zone_module )
-			else
-				myconf+=( --without_stream_${stream}_module )
-			fi
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN}" "--group=${PN} )
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r2 nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 /var/log/nginx ${keepdir_list}
-	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
-	# existing installations
-	local fix_perms=0
-
-	for rv in ${REPLACING_VERSIONS} ; do
-		version_compare ${rv} 1.4.1-r2
-		[[ $? -eq 1 ]] && fix_perms=1
-	done
-
-	if [[ $fix_perms -eq 1 ]] ; then
-		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
-		ewarn "directories the world-readable bit removed (if set):"
-		ewarn "  ${EPREFIX}/var/log/nginx"
-		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-		ewarn "Check if this is correct for your setup before restarting nginx!"
-		ewarn "This is a one-time change and will not happen on subsequent updates."
-		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
-		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
-	fi
-
-	# If the nginx user can't change into or read the dir, display a warning.
-	# If su is not available we display the warning nevertheless since we can't check properly
-	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
-	if [ $? -ne 0 ] ; then
-		ewarn "Please make sure that the nginx user or group has at least"
-		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
-		ewarn "Otherwise you end up with empty log files after a logrotate."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Manuel Rüger]

commit:     c5f0fdc2a17f1b71a335566578476f3cd0aefa35
Author:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Sun Feb  7 22:03:55 2016 +0000
Commit:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Sun Feb  7 22:03:55 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c5f0fdc2

www-servers/nginx: Remove old

Package-Manager: portage-2.2.27

 www-servers/nginx/nginx-1.9.10-r2.ebuild | 758 -------------------------------
 1 file changed, 758 deletions(-)

diff --git a/www-servers/nginx/nginx-1.9.10-r2.ebuild b/www-servers/nginx/nginx-1.9.10-r2.ebuild
deleted file mode 100644
index 04ab250..0000000
--- a/www-servers/nginx/nginx-1.9.10-r2.ebuild
+++ /dev/null
@@ -1,758 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.29"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.5"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.0"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.4"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.54"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.58"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.0"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.16"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="d0f2f829f708792ee97a9241c9c6ffd33c47c7c1"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
-	rewrite scgi slice ssi split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	stub_status sub xslt"
-NGINX_MODULES_STREAM="access limit_conn upstream"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_ajp
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( >=dev-libs/libpcre-4.2 )
-	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
-	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_ajp; then
-		eerror "The AJP module currently doesn't build for nginx >1.8."
-		eerror "It will be reintroduced with the 1.9 series when proven stable."
-		eerror "Either disable it or stick with nginx 1.7.x."
-		die "AJP module not supported"
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	epatch_user
-
-	epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
-	if use nginx_modules_http_upstream_check; then
-		epatch "${FILESDIR}/check-1.9.2".patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}"
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-		./configure \
-			--enable-standalone-module \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-	fi
-
-	cd "${S}"
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use ipv6      && myconf+=( --with-ipv6 )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			# Treat stream upstream slightly differently
-			if ! use nginx_modules_stream_upstream; then
-				myconf+=( --without-stream_upstream_hash_module )
-				myconf+=( --without-stream_upstream_least_conn_module )
-				myconf+=( --without-stream_upstream_zone_module )
-			else
-				myconf+=( --without-stream_${stream}_module )
-			fi
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN}" "--group=${PN} )
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r2 nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 /var/log/nginx ${keepdir_list}
-	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
-	# existing installations
-	local fix_perms=0
-
-	for rv in ${REPLACING_VERSIONS} ; do
-		version_compare ${rv} 1.4.1-r2
-		[[ $? -eq 1 ]] && fix_perms=1
-	done
-
-	if [[ $fix_perms -eq 1 ]] ; then
-		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
-		ewarn "directories the world-readable bit removed (if set):"
-		ewarn "  ${EPREFIX}/var/log/nginx"
-		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-		ewarn "Check if this is correct for your setup before restarting nginx!"
-		ewarn "This is a one-time change and will not happen on subsequent updates."
-		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
-		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
-	fi
-
-	# If the nginx user can't change into or read the dir, display a warning.
-	# If su is not available we display the warning nevertheless since we can't check properly
-	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
-	if [ $? -ne 0 ] ; then
-		ewarn "Please make sure that the nginx user or group has at least"
-		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
-		ewarn "Otherwise you end up with empty log files after a logrotate."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Manuel Rüger]

commit:     afb81059af090c6385646e141d293db9b07ae4dc
Author:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Sun Feb  7 22:03:13 2016 +0000
Commit:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Sun Feb  7 22:03:13 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=afb81059

www-servers/nginx: Fix build without slice module

Gentoo-Bug: 574020

Thanks to: Thomas D. <whissi <AT> whissi.de>

Package-Manager: portage-2.2.27

 www-servers/nginx/nginx-1.9.10-r3.ebuild | 758 +++++++++++++++++++++++++++++++
 1 file changed, 758 insertions(+)

diff --git a/www-servers/nginx/nginx-1.9.10-r3.ebuild b/www-servers/nginx/nginx-1.9.10-r3.ebuild
new file mode 100644
index 0000000..fe091e7
--- /dev/null
+++ b/www-servers/nginx/nginx-1.9.10-r3.ebuild
@@ -0,0 +1,758 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.2.19"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.29"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.3.5"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.0"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.4"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.54"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.7"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.58"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.0"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.16"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="d0f2f829f708792ee97a9241c9c6ffd33c47c7c1"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+	rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM="access limit_conn upstream"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_ajp
+	http_mogilefs
+	http_memc
+	http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( >=dev-libs/libpcre-4.2 )
+	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_ajp; then
+		eerror "The AJP module currently doesn't build for nginx >1.8."
+		eerror "It will be reintroduced with the 1.9 series when proven stable."
+		eerror "Either disable it or stick with nginx 1.7.x."
+		die "AJP module not supported"
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	epatch_user
+
+	epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+
+	if use nginx_modules_http_upstream_check; then
+		epatch "${FILESDIR}/check-1.9.2".patch
+	fi
+
+	if use nginx_modules_http_lua; then
+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}"
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+		./configure \
+			--enable-standalone-module \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+	fi
+
+	cd "${S}"
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use ipv6      && myconf+=( --with-ipv6 )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			# Treat stream upstream slightly differently
+			if ! use nginx_modules_stream_upstream; then
+				myconf+=( --without-stream_upstream_hash_module )
+				myconf+=( --without-stream_upstream_least_conn_module )
+				myconf+=( --without-stream_upstream_zone_module )
+			else
+				myconf+=( --without-stream_${stream}_module )
+			fi
+		fi
+	done
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN}" "--group=${PN} )
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r2 nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 /var/log/nginx ${keepdir_list}
+	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+	# existing installations
+	local fix_perms=0
+
+	for rv in ${REPLACING_VERSIONS} ; do
+		version_compare ${rv} 1.4.1-r2
+		[[ $? -eq 1 ]] && fix_perms=1
+	done
+
+	if [[ $fix_perms -eq 1 ]] ; then
+		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+		ewarn "directories the world-readable bit removed (if set):"
+		ewarn "  ${EPREFIX}/var/log/nginx"
+		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+		ewarn "Check if this is correct for your setup before restarting nginx!"
+		ewarn "This is a one-time change and will not happen on subsequent updates."
+		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+	fi
+
+	# If the nginx user can't change into or read the dir, display a warning.
+	# If su is not available we display the warning nevertheless since we can't check properly
+	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+	if [ $? -ne 0 ] ; then
+		ewarn "Please make sure that the nginx user or group has at least"
+		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+		ewarn "Otherwise you end up with empty log files after a logrotate."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Jason Donenfeld]

commit:     32ee5097ff7733026c9ff096f35ef9b384e17d8b
Author:     Jason A. Donenfeld <zx2c4 <AT> gentoo <DOT> org>
AuthorDate: Wed Mar  2 16:17:09 2016 +0000
Commit:     Jason Donenfeld <zx2c4 <AT> gentoo <DOT> org>
CommitDate: Wed Mar  2 16:17:09 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=32ee5097

www-servers/nginx: work with libressl

 www-servers/nginx/nginx-1.9.10-r3.ebuild | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/www-servers/nginx/nginx-1.9.10-r3.ebuild b/www-servers/nginx/nginx-1.9.10-r3.ebuild
index fe091e7..8aff379 100644
--- a/www-servers/nginx/nginx-1.9.10-r3.ebuild
+++ b/www-servers/nginx/nginx-1.9.10-r3.ebuild
@@ -138,6 +138,9 @@ HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
 HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
 HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
 
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+
 inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
 
 DESCRIPTION="Robust, small and high performance http and reverse proxy server"

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Patrice Clement]

commit:     8e6af817cbe843501cf4c99dbb9b911aa5ce163e
Author:     Thomas D <whissi <AT> whissi <DOT> de>
AuthorDate: Wed Mar  2 00:32:26 2016 +0000
Commit:     Patrice Clement <monsieurp <AT> gentoo <DOT> org>
CommitDate: Wed Mar  2 00:32:26 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8e6af817

www-servers/nginx: Bump to v1.9.12 (#574342)

Changes:
  - Bumped to EAPI=6

  - nginx_modules_http_fancyindex bumped to v0.3.6

  - nginx_modules_http_lua bumped to v0.10.1rc1

  - nginx_modules_http_auth_ldap bumped to 8517bb05ecc896b54429ca5e95137b0a386bd41a

Bug: https://bugs.gentoo.org/show_bug.cgi?id=574342

Package-Manager: portage-2.2.27

 www-servers/nginx/Manifest            |   4 +
 www-servers/nginx/nginx-1.9.12.ebuild | 758 ++++++++++++++++++++++++++++++++++
 2 files changed, 762 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 87bb5d0..3888afd 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,8 @@
 DIST modsecurity-2.9.0.tar.gz 4246467 SHA256 e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434 SHA512 1af04f29bf23c51d03cdd3795c530f88b523a645aa02d776a6b23dcbc31decec7cd574919e5c7c7cf82684df2774062de5e465bddbbaf4c01a442c6d49401d3d WHIRLPOOL 1167ba6048a3ca05dcdabf03c67ae12720cca0cec74547fc223ee92ff76b6d5131785fa77b5f16da180e56590c851c192eaf02817b798e4d6f41fa6bfb2735a6
 DIST nginx-1.8.1.tar.gz 833473 SHA256 8f4b3c630966c044ec72715754334d1fdf741caa1d5795fb4646c27d09f797b7 SHA512 546eba1749af0034cb8b924d2432be2f0e82a75c545aa929391ef7234103c3f29376235a2ef1363b120e1825cda15aeb085a05f9ce3596c88466e112e82aa882 WHIRLPOOL cd399083fb14bdb3498f1cd91a1cb59a73d37f323ce7c2a32500c9443f654cb5449137708cf149a0126aedb77abec9d1eb3dce3121f0b378d7d70e8eb18062af
 DIST nginx-1.9.10.tar.gz 889267 SHA256 fb14d76844cab0a5a0880768be28965e74f9956790f618c454ef6098e26631d9 SHA512 60a736afe98e46abeb572c938702b09b0098164584bf8b5c1978c2b83269b6c2b99a60b7c8c9482230c26eebaeeb684f3aa7db52af4d7a3c18434542730873e0 WHIRLPOOL 8f285f6d4c4f7e312791d7dc6fc072dbb1207315fcb7facac0ce958389473641de2f2c2cd03cfd11c0df3a16abd84522bb150090b561a46752e8b6317363fbeb
+DIST nginx-1.9.12.tar.gz 899183 SHA256 1af2eb956910ed4b11aaf525a81bc37e135907e7127948f9179f5410337da042 SHA512 b5f4cae48c85cdc9a95006b6a321834de9d18981cb1a25670c9fc948d86b9a8906d25a1ca174626eb418b0afdb3f2e1df3cbb6f5a48bd781e39e2470a4d52520 WHIRLPOOL 0b6300528ae1c29e4f7647cdbe0ea6254b1bccbdcd7f0185b2bff25409aba093c089e5fa3c1a828e2cf7f55fa6d9d2f8b818f85014f37ccbf335a71cb2e93e32
+DIST nginx-auth-ldap-8517bb05ecc896b54429ca5e95137b0a386bd41a.tar.gz 16950 SHA256 2f0b1a65847ea1da801a99b654f132e1c814d2fa49a43a324d8fc4ce6327935f SHA512 65b0aec3a4b28625ef93d166f659d63b9ef7d971dea78b09987eaa02f632bf5b8f6c9afdb6ef444afa466dba7ff67180cad27e138e6818c2ba80bc804f140ca6 WHIRLPOOL 9ef896fa3501415e2c7022448783626af256c6c3878fcca5d6cc042a9789937147eb4c3743f92002ab8d09e4ce828532b9ae321dc284ef2560801da98153d146
 DIST nginx-auth-ldap-d0f2f829f708792ee97a9241c9c6ffd33c47c7c1.tar.gz 16349 SHA256 7c1628d7e6ebb3a41ec916334014b74acc32dd09a0830752a2d03be0be3223c8 SHA512 2929f2b1170eef0ede4888beb8d5c0d0d45095fc1a3358dbe81b55bfc7468e53b981b1784a5fb9257a5888645d5fc3ae4fab950e6b4525f6dd0bb4d96076f0f6 WHIRLPOOL 626d88396af16373622532a349a2f21418191ad4073bb4b56980cbc5f219e40cee8786f5233ced2d7c5de698537d5337698ecc4a49181c960fbd0ac4a4ab14be
 DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
 DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb
@@ -11,10 +13,12 @@ DIST ngx_http_dav_ext-0.0.3.tar.gz 6260 SHA256 d428a0236c933779cb40ac8c91afb19d5
 DIST ngx_http_echo-0.57.tar.gz 65073 SHA256 8467237ca0fae74ca7a32fbd34fc6044df307098415d48068214c9c235695a07 SHA512 c89780eca9267c9984a022a4dbd9ebf603dbd5c323bfea5ea7898ca9fc0a744388ce7520e7a9799aeabd6573f8e71ee595fe9998fa54e5d5c412b21031edd31d WHIRLPOOL e481b6f57a6ff48706fa7e281f31f15a5522c29b98620559cebe8412207d5595497cdce9156e7762cceff6369e9f678d5a81bf3c83fb2e8c5d8786622f1c27b8
 DIST ngx_http_echo-0.58.tar.gz 64779 SHA256 190fe3977dd1910e82059f30f9baae3da2ee6e6fb50f18c9bc2605a19dbb9626 SHA512 03bca117b2a7f9fa78450d24b2a25fcf19528a37d842dbd740e9ccf0f3ad6652d9927757f1317441438ec1e474211e2b4c84829015a51c5e25ca9f2dbd3809a0 WHIRLPOOL 0c3623f881cd127d1f3450f6e46456d98501d9d21f5292ec6bae877fa3020adbaae2dbb83f105c8c7eb0273fedd927753238d2399385721167680200c8b51a15
 DIST ngx_http_fancyindex-0.3.5.tar.gz 14837 SHA256 e0998e83be58bc5787fa9243a76a9d21de3cd01088d3cf63177ba88a562634a1 SHA512 ddb4ab3e8e47e1c49680db3e9f648f7cd582c07f963204105118e61432fa1e80c3f1bce69ed689db383011a9c155184bcc7e931eeae20bbd7cbdb5d4eb35a0a8 WHIRLPOOL a45db854d75f05a59c6f5e67c652850b5410162e7852abda20bb6720d29cc716f25ce7ea93ef52f9ff3f11d6d3a744c1fa4c7a6270fc1bd6d42f6743accb8e73
+DIST ngx_http_fancyindex-0.3.6.tar.gz 17252 SHA256 e73f1f0444f8c53601b51da8684b174c5ffd3b4ed6eb7956dd57f8b95485b68f SHA512 ca2de16eef7d5e94104f44f180ebd98674c5799409d70d95fd6359512861efaa95d5242a9eb661363bcc5110032965f326e735a2b8fcfaaf29381023fd11a76e WHIRLPOOL 68c089a11a39685e3cb934c12daf12bd4c7176da6d17a26d4ec18f5bb44c480695e622c732925255c10af4bf819aa52da0dcf457ca40bffdc8a6673a10440823
 DIST ngx_http_headers_more-0.26.tar.gz 28028 SHA256 d6bdc51f9e778a3b23e41a51cae542c1467a1e5e55c1329a7ffc454be084fb6f SHA512 842927de67d28f3cff596607f209d1004b6d49f1d45b861758405ed6fe6f7aab76ad63530ccdfff1c1947db1190dd65dee0a29f50026bfa7a39a9a051561cf88 WHIRLPOOL 0dc37c36717be40a07112388d913d20bc99d76f90604da618d5547f24d93c636c14c2cca18191ff5916b40ec0113da648cfc07e1c00b1853f2b15ce056d5f3d7
 DIST ngx_http_headers_more-0.28.tar.gz 26948 SHA256 67e5ca6cd9472938333c4530ab8c8b8bc9fe910a8cb237e5e5f1853e14725580 SHA512 ed39930ddb416ab3510c3649f296e55474584bf1e9c9855c2330c0ec04d208865d242f54c55dbac79a4871803197fd930c20396a3b70f0f5fb009318d3c12254 WHIRLPOOL 7c0455c6ac15a033e62126ff8bb246d3d0315a2b18c095bdb0867669daa2387a5dfa4fdfbf038b8392ac4ee42c671a49ac742bd28352b2f5fbcf6fee423df1a2
 DIST ngx_http_headers_more-0.29.tar.gz 27144 SHA256 0a5f3003b5851373b03c542723eb5e7da44a01bf4c4c5f20b4de53f355a28d33 SHA512 50a45922f8d2d54fca345bf47df71035362a6868b86872528f2414386c15cdcdb5466ea2c0b7c7303dc85084f94ee05e7411da8836cde3cd549c576431c7ef14 WHIRLPOOL bfc3261b6b0a4add707069383ae1241b2bad02099c86985b87cdc595a49eb3eea0c5295d912f536c01110f7954f6738870ad72f1230a202824b5bc00293c7ddd
 DIST ngx_http_lua-0.10.0.tar.gz 569372 SHA256 cf31c64b107a54999fdf8b68e8b8d52d88a3c95d9307417f049c32c5687ed780 SHA512 8d1b07a040368e236a3473c5e9ed7aac6867743c08b57ffe7c708806ccee87e6dfca5412f37753f2576ca7a518acbd06fa0fd573c75e864c6bcfbed160f7221e WHIRLPOOL ec541230caf172802fb200fe11a185879a5c533cd41c3e3ba56b441aa4f82e2101f27156e8a17cda97960cc6ffa8814dc1005e7f1f8e4f7f86f0b847ed25220a
+DIST ngx_http_lua-0.10.1rc1.tar.gz 574793 SHA256 7b741a45ba8c66972fc7261cd191bdc89179ad9cebbc5af59c899c56811b8838 SHA512 6d9ab941bd89b6a4effb6ccec8aca7058ae4d0f1baa712616222f2fc7d60d78c76c33113a04c5ef71d28cfe55b6247720bd902726f8e93ed64ae50a84f653c0f WHIRLPOOL c494bec5318590f2c1e9e2ed06d4e2d15eb88d6feecb1208a1f968f466309742445c5316bdfbc4170aa5468f654399657799f3ae8a85248a8daa8a0b0ddd0cdd
 DIST ngx_http_lua-0.9.15.tar.gz 520190 SHA256 659fe4c201f4a4ae1007fa029cef472aaa837bf0904babb6158f83b86536c5b7 SHA512 1d809f873ced8e50422298bb4b730b8e7aaf442c11570cbe892fd73a414ff4f6d6eca7be8b2d2dbf57a136136b17d80596ee2f2f195dcb59776e78df5a94ae92 WHIRLPOOL caf128254f99d674eb370779c6e41c0b459be1c5a2baac7df1ff3498a38349bd2c140594eea3eb29c468a366e265421f90363886be73db0b3484cc6f386cb563
 DIST ngx_http_lua-0.9.19.tar.gz 542445 SHA256 2b41d4d2627fda76946f194aae6c2b4d89bb59afd792d397c6b481ee82c10eb4 SHA512 9467742c4f5ac164fd33263990bbc5719069a7549413486586406e007156719de77e95944db8201deb2f3e7fc4ce9aa4ada027f89f0e421117dc29018b2fed1c WHIRLPOOL 9853ee88a491fd3844975a8c920032e76f36ed8d7d34033f3a744acb7ed8116fd45efb75a37c918edb912d3c5d203f5c83111ec82b5ab8acdad13632e47df1e8
 DIST ngx_http_naxsi-0.53-2.tar.gz 165690 SHA256 3eadff1d91995beae41b92733ade28091c2075a24ae37058f4d6aa90b0f4b660 SHA512 ada592f5e7f80a6d549cc435ee8720df01a788dc88cf27a7d55521bb7e4c66fa11b9ec28216aff7e13c70a5faf12cb745bd398b8a782ed4dea1eecd04b07e24c WHIRLPOOL c5b736dbe9bd66daf7e023f176a08f78225b61990781d7ad5a55d0f35391df7e05bf1b2623a6227e0355cf0204ef9eac1b9fa03aa62b3c0d6eac515f1213f270

diff --git a/www-servers/nginx/nginx-1.9.12.ebuild b/www-servers/nginx/nginx-1.9.12.ebuild
new file mode 100644
index 0000000..83a0713
--- /dev/null
+++ b/www-servers/nginx/nginx-1.9.12.ebuild
@@ -0,0 +1,758 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.2.19"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.29"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.3.6"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.1rc1"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.4"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.54"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.7"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.58"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.0"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.16"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="8517bb05ecc896b54429ca5e95137b0a386bd41a"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+	rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM="access limit_conn upstream"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_ajp
+	http_mogilefs
+	http_memc
+	http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( >=dev-libs/libpcre-4.2 )
+	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_ajp; then
+		eerror "The AJP module currently doesn't build for nginx >1.8."
+		eerror "It will be reintroduced with the 1.9 series when proven stable."
+		eerror "Either disable it or stick with nginx 1.7.x."
+		die "AJP module not supported"
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${FILESDIR}/check-1.9.2".patch
+	fi
+
+	if use nginx_modules_http_lua; then
+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}"
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+		./configure \
+			--enable-standalone-module \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+	fi
+
+	cd "${S}"
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use ipv6      && myconf+=( --with-ipv6 )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			# Treat stream upstream slightly differently
+			if ! use nginx_modules_stream_upstream; then
+				myconf+=( --without-stream_upstream_hash_module )
+				myconf+=( --without-stream_upstream_least_conn_module )
+				myconf+=( --without-stream_upstream_zone_module )
+			else
+				myconf+=( --without-stream_${stream}_module )
+			fi
+		fi
+	done
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN}" "--group=${PN} )
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r2 nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 /var/log/nginx ${keepdir_list}
+	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+	# existing installations
+	local fix_perms=0
+
+	for rv in ${REPLACING_VERSIONS} ; do
+		version_compare ${rv} 1.4.1-r2
+		[[ $? -eq 1 ]] && fix_perms=1
+	done
+
+	if [[ $fix_perms -eq 1 ]] ; then
+		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+		ewarn "directories the world-readable bit removed (if set):"
+		ewarn "  ${EPREFIX}/var/log/nginx"
+		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+		ewarn "Check if this is correct for your setup before restarting nginx!"
+		ewarn "This is a one-time change and will not happen on subsequent updates."
+		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+	fi
+
+	# If the nginx user can't change into or read the dir, display a warning.
+	# If su is not available we display the warning nevertheless since we can't check properly
+	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+	if [ $? -ne 0 ] ; then
+		ewarn "Please make sure that the nginx user or group has at least"
+		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+		ewarn "Otherwise you end up with empty log files after a logrotate."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Jason Donenfeld]

commit:     0f91d5ac7023e7f4e1124e65344845a378c6c056
Author:     Jason A. Donenfeld <zx2c4 <AT> gentoo <DOT> org>
AuthorDate: Thu Mar  3 10:35:10 2016 +0000
Commit:     Jason Donenfeld <zx2c4 <AT> gentoo <DOT> org>
CommitDate: Thu Mar  3 10:35:10 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0f91d5ac

www-servers/nginx: Support libressl

Package-Manager: portage-2.2.27

 www-servers/nginx/nginx-1.9.12.ebuild | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/www-servers/nginx/nginx-1.9.12.ebuild b/www-servers/nginx/nginx-1.9.12.ebuild
index 83a0713..0892a61 100644
--- a/www-servers/nginx/nginx-1.9.12.ebuild
+++ b/www-servers/nginx/nginx-1.9.12.ebuild
@@ -138,6 +138,9 @@ HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
 HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
 HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
 
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+
 inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
 
 DESCRIPTION="Robust, small and high performance http and reverse proxy server"

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Manuel Rüger]

commit:     d350f1eab42a00fd7930ffc59bb9120d42e56f46
Author:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Sun Mar  6 17:21:34 2016 +0000
Commit:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Sun Mar  6 17:21:34 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d350f1ea

www-servers/nginx: Remove old

Package-Manager: portage-2.2.27

 www-servers/nginx/Manifest               |   5 -
 www-servers/nginx/nginx-1.9.10-r3.ebuild | 761 -------------------------------
 www-servers/nginx/nginx-1.9.10.ebuild    | 695 ----------------------------
 3 files changed, 1461 deletions(-)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 3888afd..b0dd032 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,9 +1,7 @@
 DIST modsecurity-2.9.0.tar.gz 4246467 SHA256 e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434 SHA512 1af04f29bf23c51d03cdd3795c530f88b523a645aa02d776a6b23dcbc31decec7cd574919e5c7c7cf82684df2774062de5e465bddbbaf4c01a442c6d49401d3d WHIRLPOOL 1167ba6048a3ca05dcdabf03c67ae12720cca0cec74547fc223ee92ff76b6d5131785fa77b5f16da180e56590c851c192eaf02817b798e4d6f41fa6bfb2735a6
 DIST nginx-1.8.1.tar.gz 833473 SHA256 8f4b3c630966c044ec72715754334d1fdf741caa1d5795fb4646c27d09f797b7 SHA512 546eba1749af0034cb8b924d2432be2f0e82a75c545aa929391ef7234103c3f29376235a2ef1363b120e1825cda15aeb085a05f9ce3596c88466e112e82aa882 WHIRLPOOL cd399083fb14bdb3498f1cd91a1cb59a73d37f323ce7c2a32500c9443f654cb5449137708cf149a0126aedb77abec9d1eb3dce3121f0b378d7d70e8eb18062af
-DIST nginx-1.9.10.tar.gz 889267 SHA256 fb14d76844cab0a5a0880768be28965e74f9956790f618c454ef6098e26631d9 SHA512 60a736afe98e46abeb572c938702b09b0098164584bf8b5c1978c2b83269b6c2b99a60b7c8c9482230c26eebaeeb684f3aa7db52af4d7a3c18434542730873e0 WHIRLPOOL 8f285f6d4c4f7e312791d7dc6fc072dbb1207315fcb7facac0ce958389473641de2f2c2cd03cfd11c0df3a16abd84522bb150090b561a46752e8b6317363fbeb
 DIST nginx-1.9.12.tar.gz 899183 SHA256 1af2eb956910ed4b11aaf525a81bc37e135907e7127948f9179f5410337da042 SHA512 b5f4cae48c85cdc9a95006b6a321834de9d18981cb1a25670c9fc948d86b9a8906d25a1ca174626eb418b0afdb3f2e1df3cbb6f5a48bd781e39e2470a4d52520 WHIRLPOOL 0b6300528ae1c29e4f7647cdbe0ea6254b1bccbdcd7f0185b2bff25409aba093c089e5fa3c1a828e2cf7f55fa6d9d2f8b818f85014f37ccbf335a71cb2e93e32
 DIST nginx-auth-ldap-8517bb05ecc896b54429ca5e95137b0a386bd41a.tar.gz 16950 SHA256 2f0b1a65847ea1da801a99b654f132e1c814d2fa49a43a324d8fc4ce6327935f SHA512 65b0aec3a4b28625ef93d166f659d63b9ef7d971dea78b09987eaa02f632bf5b8f6c9afdb6ef444afa466dba7ff67180cad27e138e6818c2ba80bc804f140ca6 WHIRLPOOL 9ef896fa3501415e2c7022448783626af256c6c3878fcca5d6cc042a9789937147eb4c3743f92002ab8d09e4ce828532b9ae321dc284ef2560801da98153d146
-DIST nginx-auth-ldap-d0f2f829f708792ee97a9241c9c6ffd33c47c7c1.tar.gz 16349 SHA256 7c1628d7e6ebb3a41ec916334014b74acc32dd09a0830752a2d03be0be3223c8 SHA512 2929f2b1170eef0ede4888beb8d5c0d0d45095fc1a3358dbe81b55bfc7468e53b981b1784a5fb9257a5888645d5fc3ae4fab950e6b4525f6dd0bb4d96076f0f6 WHIRLPOOL 626d88396af16373622532a349a2f21418191ad4073bb4b56980cbc5f219e40cee8786f5233ced2d7c5de698537d5337698ecc4a49181c960fbd0ac4a4ab14be
 DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
 DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb
 DIST ngx_devel_kit-0.2.19-r1.tar.gz 65029 SHA256 501f299abdb81b992a980bda182e5de5a4b2b3e275fbf72ee34dd7ae84c4b679 SHA512 915954acf16a27fbd3c93c154012d38e864f1d8dfd51cde401bba26e46eb3e3c778ec4c92f4f8ed83ac001e96cee72765554d0e4da06acf6a4be5184b23b3657 WHIRLPOOL 0ce6bffc0fe2cef28ee74f5862ca6d914ed18fdee18d900608ff2a9983594c707aab3e335957b79dd7e77ae1beed054d8f71965ca0f57fc5f1d41ac06106c5a4
@@ -15,12 +13,9 @@ DIST ngx_http_echo-0.58.tar.gz 64779 SHA256 190fe3977dd1910e82059f30f9baae3da2ee
 DIST ngx_http_fancyindex-0.3.5.tar.gz 14837 SHA256 e0998e83be58bc5787fa9243a76a9d21de3cd01088d3cf63177ba88a562634a1 SHA512 ddb4ab3e8e47e1c49680db3e9f648f7cd582c07f963204105118e61432fa1e80c3f1bce69ed689db383011a9c155184bcc7e931eeae20bbd7cbdb5d4eb35a0a8 WHIRLPOOL a45db854d75f05a59c6f5e67c652850b5410162e7852abda20bb6720d29cc716f25ce7ea93ef52f9ff3f11d6d3a744c1fa4c7a6270fc1bd6d42f6743accb8e73
 DIST ngx_http_fancyindex-0.3.6.tar.gz 17252 SHA256 e73f1f0444f8c53601b51da8684b174c5ffd3b4ed6eb7956dd57f8b95485b68f SHA512 ca2de16eef7d5e94104f44f180ebd98674c5799409d70d95fd6359512861efaa95d5242a9eb661363bcc5110032965f326e735a2b8fcfaaf29381023fd11a76e WHIRLPOOL 68c089a11a39685e3cb934c12daf12bd4c7176da6d17a26d4ec18f5bb44c480695e622c732925255c10af4bf819aa52da0dcf457ca40bffdc8a6673a10440823
 DIST ngx_http_headers_more-0.26.tar.gz 28028 SHA256 d6bdc51f9e778a3b23e41a51cae542c1467a1e5e55c1329a7ffc454be084fb6f SHA512 842927de67d28f3cff596607f209d1004b6d49f1d45b861758405ed6fe6f7aab76ad63530ccdfff1c1947db1190dd65dee0a29f50026bfa7a39a9a051561cf88 WHIRLPOOL 0dc37c36717be40a07112388d913d20bc99d76f90604da618d5547f24d93c636c14c2cca18191ff5916b40ec0113da648cfc07e1c00b1853f2b15ce056d5f3d7
-DIST ngx_http_headers_more-0.28.tar.gz 26948 SHA256 67e5ca6cd9472938333c4530ab8c8b8bc9fe910a8cb237e5e5f1853e14725580 SHA512 ed39930ddb416ab3510c3649f296e55474584bf1e9c9855c2330c0ec04d208865d242f54c55dbac79a4871803197fd930c20396a3b70f0f5fb009318d3c12254 WHIRLPOOL 7c0455c6ac15a033e62126ff8bb246d3d0315a2b18c095bdb0867669daa2387a5dfa4fdfbf038b8392ac4ee42c671a49ac742bd28352b2f5fbcf6fee423df1a2
 DIST ngx_http_headers_more-0.29.tar.gz 27144 SHA256 0a5f3003b5851373b03c542723eb5e7da44a01bf4c4c5f20b4de53f355a28d33 SHA512 50a45922f8d2d54fca345bf47df71035362a6868b86872528f2414386c15cdcdb5466ea2c0b7c7303dc85084f94ee05e7411da8836cde3cd549c576431c7ef14 WHIRLPOOL bfc3261b6b0a4add707069383ae1241b2bad02099c86985b87cdc595a49eb3eea0c5295d912f536c01110f7954f6738870ad72f1230a202824b5bc00293c7ddd
-DIST ngx_http_lua-0.10.0.tar.gz 569372 SHA256 cf31c64b107a54999fdf8b68e8b8d52d88a3c95d9307417f049c32c5687ed780 SHA512 8d1b07a040368e236a3473c5e9ed7aac6867743c08b57ffe7c708806ccee87e6dfca5412f37753f2576ca7a518acbd06fa0fd573c75e864c6bcfbed160f7221e WHIRLPOOL ec541230caf172802fb200fe11a185879a5c533cd41c3e3ba56b441aa4f82e2101f27156e8a17cda97960cc6ffa8814dc1005e7f1f8e4f7f86f0b847ed25220a
 DIST ngx_http_lua-0.10.1rc1.tar.gz 574793 SHA256 7b741a45ba8c66972fc7261cd191bdc89179ad9cebbc5af59c899c56811b8838 SHA512 6d9ab941bd89b6a4effb6ccec8aca7058ae4d0f1baa712616222f2fc7d60d78c76c33113a04c5ef71d28cfe55b6247720bd902726f8e93ed64ae50a84f653c0f WHIRLPOOL c494bec5318590f2c1e9e2ed06d4e2d15eb88d6feecb1208a1f968f466309742445c5316bdfbc4170aa5468f654399657799f3ae8a85248a8daa8a0b0ddd0cdd
 DIST ngx_http_lua-0.9.15.tar.gz 520190 SHA256 659fe4c201f4a4ae1007fa029cef472aaa837bf0904babb6158f83b86536c5b7 SHA512 1d809f873ced8e50422298bb4b730b8e7aaf442c11570cbe892fd73a414ff4f6d6eca7be8b2d2dbf57a136136b17d80596ee2f2f195dcb59776e78df5a94ae92 WHIRLPOOL caf128254f99d674eb370779c6e41c0b459be1c5a2baac7df1ff3498a38349bd2c140594eea3eb29c468a366e265421f90363886be73db0b3484cc6f386cb563
-DIST ngx_http_lua-0.9.19.tar.gz 542445 SHA256 2b41d4d2627fda76946f194aae6c2b4d89bb59afd792d397c6b481ee82c10eb4 SHA512 9467742c4f5ac164fd33263990bbc5719069a7549413486586406e007156719de77e95944db8201deb2f3e7fc4ce9aa4ada027f89f0e421117dc29018b2fed1c WHIRLPOOL 9853ee88a491fd3844975a8c920032e76f36ed8d7d34033f3a744acb7ed8116fd45efb75a37c918edb912d3c5d203f5c83111ec82b5ab8acdad13632e47df1e8
 DIST ngx_http_naxsi-0.53-2.tar.gz 165690 SHA256 3eadff1d91995beae41b92733ade28091c2075a24ae37058f4d6aa90b0f4b660 SHA512 ada592f5e7f80a6d549cc435ee8720df01a788dc88cf27a7d55521bb7e4c66fa11b9ec28216aff7e13c70a5faf12cb745bd398b8a782ed4dea1eecd04b07e24c WHIRLPOOL c5b736dbe9bd66daf7e023f176a08f78225b61990781d7ad5a55d0f35391df7e05bf1b2623a6227e0355cf0204ef9eac1b9fa03aa62b3c0d6eac515f1213f270
 DIST ngx_http_naxsi-0.54.tar.gz 163809 SHA256 9cc2c09405bc71f78ef26a8b6d70afcea3fccbe8125df70cb0cfc480133daba5 SHA512 91934bfd41495715269cc6e549d17f6da66f2bdd0c9a6821fa9096b694dd3927109c4aad2f8b327620ae7c34f76a0839ac16669cd8c65081bc01fa7f829c1d43 WHIRLPOOL ef68cfecc9849086527c3590744d3c0d73cec830c6cf1ebca63566a7444438757a85d0c79fa552c4763e0416a615f4cf8d99622e2f36d3713b7072138a82f5a8
 DIST ngx_http_push_stream-0.4.1.tar.gz 166928 SHA256 553584f557a3faec73702550e7e1417cbc0021f4f98468cc83e61e9d94def5cc SHA512 3b2289cc3abe6df0ee39360816675a39de1669a284e23770aa04b29e1e5dc73f5d99f3db6c7e8e4895a4abad0602aa64024ec19a2e741e138a70191501f038be WHIRLPOOL 9d203d4a78a3bd189527ebeaf1ff98613ee6a3150ae433efa17ed45dd9f6cb263b2a4c329a6fc2d04c6583ac2beaf24e87e3263d71a910f720b80038c9bc09c2

diff --git a/www-servers/nginx/nginx-1.9.10-r3.ebuild b/www-servers/nginx/nginx-1.9.10-r3.ebuild
deleted file mode 100644
index 8aff379..0000000
--- a/www-servers/nginx/nginx-1.9.10-r3.ebuild
+++ /dev/null
@@ -1,761 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.29"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.5"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.0"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.4"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.54"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.58"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.0"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.16"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="d0f2f829f708792ee97a9241c9c6ffd33c47c7c1"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-
-inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
-	rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM="access limit_conn upstream"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_ajp
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( >=dev-libs/libpcre-4.2 )
-	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
-	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_ajp; then
-		eerror "The AJP module currently doesn't build for nginx >1.8."
-		eerror "It will be reintroduced with the 1.9 series when proven stable."
-		eerror "Either disable it or stick with nginx 1.7.x."
-		die "AJP module not supported"
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	epatch_user
-
-	epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
-	if use nginx_modules_http_upstream_check; then
-		epatch "${FILESDIR}/check-1.9.2".patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}"
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-		./configure \
-			--enable-standalone-module \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-	fi
-
-	cd "${S}"
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use ipv6      && myconf+=( --with-ipv6 )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			# Treat stream upstream slightly differently
-			if ! use nginx_modules_stream_upstream; then
-				myconf+=( --without-stream_upstream_hash_module )
-				myconf+=( --without-stream_upstream_least_conn_module )
-				myconf+=( --without-stream_upstream_zone_module )
-			else
-				myconf+=( --without-stream_${stream}_module )
-			fi
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN}" "--group=${PN} )
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r2 nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 /var/log/nginx ${keepdir_list}
-	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
-	# existing installations
-	local fix_perms=0
-
-	for rv in ${REPLACING_VERSIONS} ; do
-		version_compare ${rv} 1.4.1-r2
-		[[ $? -eq 1 ]] && fix_perms=1
-	done
-
-	if [[ $fix_perms -eq 1 ]] ; then
-		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
-		ewarn "directories the world-readable bit removed (if set):"
-		ewarn "  ${EPREFIX}/var/log/nginx"
-		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-		ewarn "Check if this is correct for your setup before restarting nginx!"
-		ewarn "This is a one-time change and will not happen on subsequent updates."
-		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
-		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
-	fi
-
-	# If the nginx user can't change into or read the dir, display a warning.
-	# If su is not available we display the warning nevertheless since we can't check properly
-	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
-	if [ $? -ne 0 ] ; then
-		ewarn "Please make sure that the nginx user or group has at least"
-		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
-		ewarn "Otherwise you end up with empty log files after a logrotate."
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.9.10.ebuild b/www-servers/nginx/nginx-1.9.10.ebuild
deleted file mode 100644
index 6c88b32..0000000
--- a/www-servers/nginx/nginx-1.9.10.ebuild
+++ /dev/null
@@ -1,695 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.28"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.5"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.9.19"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.4"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.54"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.58"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.0"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
-
-# mogilefs-module (http://www.grid.net.ru/nginx/mogilefs.en.html, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="http://www.grid.net.ru/nginx/download/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.16"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif fastcgi
-geo gzip limit_req limit_conn map memcached proxy referer rewrite scgi ssi
-split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip gzip_static
-image_filter mp4 perl random_index realip secure_link stub_status sub xslt"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_ajp
-	http_mogilefs
-	http_memc"
-
-IUSE="aio debug +http http2 +http-cache ipv6 libatomic luajit +pcre pcre-jit rtmp
-selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( >=dev-libs/libpcre-4.2 )
-	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
-	ssl? ( dev-libs/openssl:0= )
-	http2? ( >=dev-libs/openssl-1.0.1c:0= )
-	http-cache? ( userland_GNU? ( dev-libs/openssl:0= ) )
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
-	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
-	nginx_modules_http_secure_link? ( userland_GNU? ( dev-libs/openssl:0= ) )
-	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_ajp; then
-		eerror "The AJP module currently doesn't build for nginx >1.8."
-		eerror "It will be reintroduced with the 1.9 series when proven stable."
-		eerror "Either disable it or stick with nginx 1.7.x."
-		die "AJP module not supported"
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	epatch_user
-
-	epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
-	if use nginx_modules_http_upstream_check; then
-		epatch "${FILESDIR}/check-1.9.2".patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}"
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-		./configure \
-			--enable-standalone-module \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-	fi
-
-	cd "${S}"
-
-	local myconf=() http_enabled= mail_enabled=
-
-	use aio		  && myconf+=( --with-file-aio )
-	use debug	  && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use ipv6	  && myconf+=( --with-ipv6 )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre	  && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-		if use nginx_modules_http_memc ; then
-				http_enabled=1
-				myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-		fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN}" "--group=${PN} )
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r2 nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 /var/log/nginx ${keepdir_list}
-	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
-	# existing installations
-	local fix_perms=0
-
-	for rv in ${REPLACING_VERSIONS} ; do
-		version_compare ${rv} 1.4.1-r2
-		[[ $? -eq 1 ]] && fix_perms=1
-	done
-
-	if [[ $fix_perms -eq 1 ]] ; then
-		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
-		ewarn "directories the world-readable bit removed (if set):"
-		ewarn "  ${EPREFIX}/var/log/nginx"
-		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-		ewarn "Check if this is correct for your setup before restarting nginx!"
-		ewarn "This is a one-time change and will not happen on subsequent updates."
-		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
-		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
-	fi
-
-	# If the nginx user can't change into or read the dir, display a warning.
-	# If su is not available we display the warning nevertheless since we can't check properly
-	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
-	if [ $? -ne 0 ] ; then
-		ewarn "Please make sure that the nginx user or group has at least"
-		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
-		ewarn "Otherwise you end up with empty log files after a logrotate."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Ian Delaney]

commit:     06bff878c905f2724e0db044127752b29c6bb7fa
Author:     Johan Bergström <bugs <AT> bergstroem <DOT> nu>
AuthorDate: Thu Mar 31 00:57:09 2016 +0000
Commit:     Ian Delaney <idella4 <AT> gentoo <DOT> org>
CommitDate: Thu Mar 31 03:44:14 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06bff878

www-servers/nginx: version bump to 1.9.13

Update 3rd party modules:
 - lua
 - modsecurity

Upstream changes: http://nginx.org/en/CHANGES
Closes: https://github.com/gentoo/gentoo/pull/1169

Signed-off-by: Ian Delaney <idella4 <AT> gentoo.org>

 www-servers/nginx/Manifest            |   3 +
 www-servers/nginx/nginx-1.9.13.ebuild | 761 ++++++++++++++++++++++++++++++++++
 2 files changed, 764 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index b0dd032..62b07fd 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,8 @@
 DIST modsecurity-2.9.0.tar.gz 4246467 SHA256 e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434 SHA512 1af04f29bf23c51d03cdd3795c530f88b523a645aa02d776a6b23dcbc31decec7cd574919e5c7c7cf82684df2774062de5e465bddbbaf4c01a442c6d49401d3d WHIRLPOOL 1167ba6048a3ca05dcdabf03c67ae12720cca0cec74547fc223ee92ff76b6d5131785fa77b5f16da180e56590c851c192eaf02817b798e4d6f41fa6bfb2735a6
+DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc1801efce0cda797d6029d44080a9b24 SHA512 374733cbfc26e53d95b78c8f268a4e465d838163e9893fc24e33a9d272b114f1b287147bab6d0289575074cbbd94f48983e23fa59832cbcb32950046cea59269 WHIRLPOOL 5f41bebf032f8a269412d104b7632a06af4d4c495658c9cd1ebf69b82c10ce1bbcb34b9dd159a7b00e57348714a5e93ad3db19701dda51479accd3a9dc79a9cb
 DIST nginx-1.8.1.tar.gz 833473 SHA256 8f4b3c630966c044ec72715754334d1fdf741caa1d5795fb4646c27d09f797b7 SHA512 546eba1749af0034cb8b924d2432be2f0e82a75c545aa929391ef7234103c3f29376235a2ef1363b120e1825cda15aeb085a05f9ce3596c88466e112e82aa882 WHIRLPOOL cd399083fb14bdb3498f1cd91a1cb59a73d37f323ce7c2a32500c9443f654cb5449137708cf149a0126aedb77abec9d1eb3dce3121f0b378d7d70e8eb18062af
 DIST nginx-1.9.12.tar.gz 899183 SHA256 1af2eb956910ed4b11aaf525a81bc37e135907e7127948f9179f5410337da042 SHA512 b5f4cae48c85cdc9a95006b6a321834de9d18981cb1a25670c9fc948d86b9a8906d25a1ca174626eb418b0afdb3f2e1df3cbb6f5a48bd781e39e2470a4d52520 WHIRLPOOL 0b6300528ae1c29e4f7647cdbe0ea6254b1bccbdcd7f0185b2bff25409aba093c089e5fa3c1a828e2cf7f55fa6d9d2f8b818f85014f37ccbf335a71cb2e93e32
+DIST nginx-1.9.13.tar.gz 907611 SHA256 f7cd529a5879cd9cd5b62e6fc4a3a7e8d8363cb12c080ab480cc718c55736609 SHA512 883e3d3be7a2a9abbeca54bed5b7004fc9810c1548a4de8f09ffc453ee077e75abfd0ae21bc87cd0814278a2cfefd2a5814b03faf4ec0298afbf75e530eb62f0 WHIRLPOOL 38d2e5006de6d9af2575d5b166051b3fa04406da89a6336b021b0a41be0f227566973fbeaaa9ae11967597c90f999dffd67129854693bc56ee840bed5fae5dd2
 DIST nginx-auth-ldap-8517bb05ecc896b54429ca5e95137b0a386bd41a.tar.gz 16950 SHA256 2f0b1a65847ea1da801a99b654f132e1c814d2fa49a43a324d8fc4ce6327935f SHA512 65b0aec3a4b28625ef93d166f659d63b9ef7d971dea78b09987eaa02f632bf5b8f6c9afdb6ef444afa466dba7ff67180cad27e138e6818c2ba80bc804f140ca6 WHIRLPOOL 9ef896fa3501415e2c7022448783626af256c6c3878fcca5d6cc042a9789937147eb4c3743f92002ab8d09e4ce828532b9ae321dc284ef2560801da98153d146
 DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
 DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb
@@ -15,6 +17,7 @@ DIST ngx_http_fancyindex-0.3.6.tar.gz 17252 SHA256 e73f1f0444f8c53601b51da8684b1
 DIST ngx_http_headers_more-0.26.tar.gz 28028 SHA256 d6bdc51f9e778a3b23e41a51cae542c1467a1e5e55c1329a7ffc454be084fb6f SHA512 842927de67d28f3cff596607f209d1004b6d49f1d45b861758405ed6fe6f7aab76ad63530ccdfff1c1947db1190dd65dee0a29f50026bfa7a39a9a051561cf88 WHIRLPOOL 0dc37c36717be40a07112388d913d20bc99d76f90604da618d5547f24d93c636c14c2cca18191ff5916b40ec0113da648cfc07e1c00b1853f2b15ce056d5f3d7
 DIST ngx_http_headers_more-0.29.tar.gz 27144 SHA256 0a5f3003b5851373b03c542723eb5e7da44a01bf4c4c5f20b4de53f355a28d33 SHA512 50a45922f8d2d54fca345bf47df71035362a6868b86872528f2414386c15cdcdb5466ea2c0b7c7303dc85084f94ee05e7411da8836cde3cd549c576431c7ef14 WHIRLPOOL bfc3261b6b0a4add707069383ae1241b2bad02099c86985b87cdc595a49eb3eea0c5295d912f536c01110f7954f6738870ad72f1230a202824b5bc00293c7ddd
 DIST ngx_http_lua-0.10.1rc1.tar.gz 574793 SHA256 7b741a45ba8c66972fc7261cd191bdc89179ad9cebbc5af59c899c56811b8838 SHA512 6d9ab941bd89b6a4effb6ccec8aca7058ae4d0f1baa712616222f2fc7d60d78c76c33113a04c5ef71d28cfe55b6247720bd902726f8e93ed64ae50a84f653c0f WHIRLPOOL c494bec5318590f2c1e9e2ed06d4e2d15eb88d6feecb1208a1f968f466309742445c5316bdfbc4170aa5468f654399657799f3ae8a85248a8daa8a0b0ddd0cdd
+DIST ngx_http_lua-0.10.2.tar.gz 575525 SHA256 155feeff08a0b2efaf980705b9ef83d0b341e6d011adad8e2679ea4105668134 SHA512 33ad538f0f63aae91b691ceda593899881b3ac0ea48da6814724d9bfe3d74b323ac5f3b8bc2fa03116c5cd1045e2a12db4e9bf96c8172a96ec1c6cd0b30199fa WHIRLPOOL 6450f144fcae55756b1c2f879cf68a1d2369475ece910951c54e10cd7c4ef266ead56397cef5c4d6c4963f5c11124af635daa415af05524703ff96b9ff5edcfb
 DIST ngx_http_lua-0.9.15.tar.gz 520190 SHA256 659fe4c201f4a4ae1007fa029cef472aaa837bf0904babb6158f83b86536c5b7 SHA512 1d809f873ced8e50422298bb4b730b8e7aaf442c11570cbe892fd73a414ff4f6d6eca7be8b2d2dbf57a136136b17d80596ee2f2f195dcb59776e78df5a94ae92 WHIRLPOOL caf128254f99d674eb370779c6e41c0b459be1c5a2baac7df1ff3498a38349bd2c140594eea3eb29c468a366e265421f90363886be73db0b3484cc6f386cb563
 DIST ngx_http_naxsi-0.53-2.tar.gz 165690 SHA256 3eadff1d91995beae41b92733ade28091c2075a24ae37058f4d6aa90b0f4b660 SHA512 ada592f5e7f80a6d549cc435ee8720df01a788dc88cf27a7d55521bb7e4c66fa11b9ec28216aff7e13c70a5faf12cb745bd398b8a782ed4dea1eecd04b07e24c WHIRLPOOL c5b736dbe9bd66daf7e023f176a08f78225b61990781d7ad5a55d0f35391df7e05bf1b2623a6227e0355cf0204ef9eac1b9fa03aa62b3c0d6eac515f1213f270
 DIST ngx_http_naxsi-0.54.tar.gz 163809 SHA256 9cc2c09405bc71f78ef26a8b6d70afcea3fccbe8125df70cb0cfc480133daba5 SHA512 91934bfd41495715269cc6e549d17f6da66f2bdd0c9a6821fa9096b694dd3927109c4aad2f8b327620ae7c34f76a0839ac16669cd8c65081bc01fa7f829c1d43 WHIRLPOOL ef68cfecc9849086527c3590744d3c0d73cec830c6cf1ebca63566a7444438757a85d0c79fa552c4763e0416a615f4cf8d99622e2f36d3713b7072138a82f5a8

diff --git a/www-servers/nginx/nginx-1.9.13.ebuild b/www-servers/nginx/nginx-1.9.13.ebuild
new file mode 100644
index 0000000..7b03064
--- /dev/null
+++ b/www-servers/nginx/nginx-1.9.13.ebuild
@@ -0,0 +1,761 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.2.19"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.29"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.3.6"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.2"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.4"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.54"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.7"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.58"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.16"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="8517bb05ecc896b54429ca5e95137b0a386bd41a"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+
+inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+	rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM="access limit_conn upstream"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_ajp
+	http_mogilefs
+	http_memc
+	http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( >=dev-libs/libpcre-4.2 )
+	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_ajp; then
+		eerror "The AJP module currently doesn't build for nginx >1.8."
+		eerror "It will be reintroduced with the 1.9 series when proven stable."
+		eerror "Either disable it or stick with nginx 1.7.x."
+		die "AJP module not supported"
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${FILESDIR}/check-1.9.2".patch
+	fi
+
+	if use nginx_modules_http_lua; then
+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}"
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+		./configure \
+			--enable-standalone-module \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+	fi
+
+	cd "${S}"
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use ipv6      && myconf+=( --with-ipv6 )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			# Treat stream upstream slightly differently
+			if ! use nginx_modules_stream_upstream; then
+				myconf+=( --without-stream_upstream_hash_module )
+				myconf+=( --without-stream_upstream_least_conn_module )
+				myconf+=( --without-stream_upstream_zone_module )
+			else
+				myconf+=( --without-stream_${stream}_module )
+			fi
+		fi
+	done
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN}" "--group=${PN} )
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r2 nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 /var/log/nginx ${keepdir_list}
+	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+	# existing installations
+	local fix_perms=0
+
+	for rv in ${REPLACING_VERSIONS} ; do
+		version_compare ${rv} 1.4.1-r2
+		[[ $? -eq 1 ]] && fix_perms=1
+	done
+
+	if [[ $fix_perms -eq 1 ]] ; then
+		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+		ewarn "directories the world-readable bit removed (if set):"
+		ewarn "  ${EPREFIX}/var/log/nginx"
+		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+		ewarn "Check if this is correct for your setup before restarting nginx!"
+		ewarn "This is a one-time change and will not happen on subsequent updates."
+		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+	fi
+
+	# If the nginx user can't change into or read the dir, display a warning.
+	# If su is not available we display the warning nevertheless since we can't check properly
+	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+	if [ $? -ne 0 ] ; then
+		ewarn "Please make sure that the nginx user or group has at least"
+		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+		ewarn "Otherwise you end up with empty log files after a logrotate."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Manuel Rüger]

commit:     9baaf1c4d0afdf68cb2789a6c0a00da71fe015e6
Author:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Sun Apr 10 00:43:16 2016 +0000
Commit:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Sun Apr 10 00:43:16 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9baaf1c4

www-servers/nginx: Version bump to 1.9.14

Package-Manager: portage-2.2.28

 www-servers/nginx/Manifest            |   2 +
 www-servers/nginx/nginx-1.9.14.ebuild | 761 ++++++++++++++++++++++++++++++++++
 2 files changed, 763 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 62b07fd..67f8139 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -3,11 +3,13 @@ DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc18
 DIST nginx-1.8.1.tar.gz 833473 SHA256 8f4b3c630966c044ec72715754334d1fdf741caa1d5795fb4646c27d09f797b7 SHA512 546eba1749af0034cb8b924d2432be2f0e82a75c545aa929391ef7234103c3f29376235a2ef1363b120e1825cda15aeb085a05f9ce3596c88466e112e82aa882 WHIRLPOOL cd399083fb14bdb3498f1cd91a1cb59a73d37f323ce7c2a32500c9443f654cb5449137708cf149a0126aedb77abec9d1eb3dce3121f0b378d7d70e8eb18062af
 DIST nginx-1.9.12.tar.gz 899183 SHA256 1af2eb956910ed4b11aaf525a81bc37e135907e7127948f9179f5410337da042 SHA512 b5f4cae48c85cdc9a95006b6a321834de9d18981cb1a25670c9fc948d86b9a8906d25a1ca174626eb418b0afdb3f2e1df3cbb6f5a48bd781e39e2470a4d52520 WHIRLPOOL 0b6300528ae1c29e4f7647cdbe0ea6254b1bccbdcd7f0185b2bff25409aba093c089e5fa3c1a828e2cf7f55fa6d9d2f8b818f85014f37ccbf335a71cb2e93e32
 DIST nginx-1.9.13.tar.gz 907611 SHA256 f7cd529a5879cd9cd5b62e6fc4a3a7e8d8363cb12c080ab480cc718c55736609 SHA512 883e3d3be7a2a9abbeca54bed5b7004fc9810c1548a4de8f09ffc453ee077e75abfd0ae21bc87cd0814278a2cfefd2a5814b03faf4ec0298afbf75e530eb62f0 WHIRLPOOL 38d2e5006de6d9af2575d5b166051b3fa04406da89a6336b021b0a41be0f227566973fbeaaa9ae11967597c90f999dffd67129854693bc56ee840bed5fae5dd2
+DIST nginx-1.9.14.tar.gz 908191 SHA256 2b4893076d28e6b4384bba8c4fdebfca6de6f8f68ec48a1ca94b9b855ff457d2 SHA512 e73a10495a8b199856f4e5d6f428b46e0b1148cee26c8517e360130d9f1e85028b28f311879d31f37e1d3facccf6f215377e984ae937a44f45245fe09a3be90e WHIRLPOOL c4e1d2b8181b9c8c967de2d68314c05c28a1fe44bd35809f3672c2ff9b02d08e2f572970ab0328f85dbe9b29c6dae0c4ebb33586a8c70053e764158c055fa8d8
 DIST nginx-auth-ldap-8517bb05ecc896b54429ca5e95137b0a386bd41a.tar.gz 16950 SHA256 2f0b1a65847ea1da801a99b654f132e1c814d2fa49a43a324d8fc4ce6327935f SHA512 65b0aec3a4b28625ef93d166f659d63b9ef7d971dea78b09987eaa02f632bf5b8f6c9afdb6ef444afa466dba7ff67180cad27e138e6818c2ba80bc804f140ca6 WHIRLPOOL 9ef896fa3501415e2c7022448783626af256c6c3878fcca5d6cc042a9789937147eb4c3743f92002ab8d09e4ce828532b9ae321dc284ef2560801da98153d146
 DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
 DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb
 DIST ngx_devel_kit-0.2.19-r1.tar.gz 65029 SHA256 501f299abdb81b992a980bda182e5de5a4b2b3e275fbf72ee34dd7ae84c4b679 SHA512 915954acf16a27fbd3c93c154012d38e864f1d8dfd51cde401bba26e46eb3e3c778ec4c92f4f8ed83ac001e96cee72765554d0e4da06acf6a4be5184b23b3657 WHIRLPOOL 0ce6bffc0fe2cef28ee74f5862ca6d914ed18fdee18d900608ff2a9983594c707aab3e335957b79dd7e77ae1beed054d8f71965ca0f57fc5f1d41ac06106c5a4
 DIST ngx_http_auth_pam-1.4.tar.gz 6502 SHA256 095742c5bcb86f2431e215db785bdeb238d594f085a0ac00d16125876a157409 SHA512 8d60347c666736ef39161b287ad32820ad6be4695f1c0f27a000d46bfc7e26c95233247d39cf37296518a6329ba73f06756d0b0b68157b0e5f67796f73264db3 WHIRLPOOL 2f0e60366cf43727c9b3aa07d2cb803a997cb9a4f48ba28e575f470bbb7c28115f41d390e306219ad130501a62e204d403bbca5ee784628fbca35b407f51702c
+DIST ngx_http_auth_pam-1.5.1.tar.gz 6863 SHA256 77676842919134af88a7b4bfca4470223e3a00d287d17c0dbdc9a114a685b6e7 SHA512 973b94874d8a58c0df0ac2d31571eafc1e80b11179cba33ec88421a826207fbf7e99b0387e135a1ca48d82daacb78f19a4c21d3a27b49b16dc86b4748bb72261 WHIRLPOOL 4fcaadee859f325c734aa16763702ee40284d1debcfbf5df1cb9aadf2bfc72c1e8d0e5b9d1495f34fc719f4d7fa3e653797fa7917f8fd0437fa2023a1930f667
 DIST ngx_http_cache_purge-2.3.tar.gz 12248 SHA256 279e0d8a46d3b1521fd43b3f78bc1c08b263899142a7cc5058c1c0361a92c89c SHA512 50a31dbf2216a6fae74a186af56dec4600cf55777e76a10ac0075f609e7737135aab063a64f2590dddcd0369ebebd4a523027f3d9ebcca74f7b4355be1c5dcc0 WHIRLPOOL 5451ef3e33044210453995ea916acec679599c0ded5471d464db5003a07e7a06e9690812091148c2af7b50384e52b32e49136eac02e0330724ba2408d893f96c
 DIST ngx_http_dav_ext-0.0.3.tar.gz 6260 SHA256 d428a0236c933779cb40ac8c91afb19d5c25a376dc3caab825bfd543e1ee530d SHA512 4763b1c5e417248d80acfacf20bfc5ba3e06675ff08e37703867daef99a400980b536941e4955c259432905bd11ab998bc2e2489a50350413c7bf37e18eafb74 WHIRLPOOL 5adbcea768fbb179249a03fe69304505ec09a1dafac848dd5e3cde96693c6fbcf6cf6c128ca116d02b36c1be0008807d9e86fee5b411e137b18b15a60291f29b
 DIST ngx_http_echo-0.57.tar.gz 65073 SHA256 8467237ca0fae74ca7a32fbd34fc6044df307098415d48068214c9c235695a07 SHA512 c89780eca9267c9984a022a4dbd9ebf603dbd5c323bfea5ea7898ca9fc0a744388ce7520e7a9799aeabd6573f8e71ee595fe9998fa54e5d5c412b21031edd31d WHIRLPOOL e481b6f57a6ff48706fa7e281f31f15a5522c29b98620559cebe8412207d5595497cdce9156e7762cceff6369e9f678d5a81bf3c83fb2e8c5d8786622f1c27b8

diff --git a/www-servers/nginx/nginx-1.9.14.ebuild b/www-servers/nginx/nginx-1.9.14.ebuild
new file mode 100644
index 0000000..1196931
--- /dev/null
+++ b/www-servers/nginx/nginx-1.9.14.ebuild
@@ -0,0 +1,761 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.2.19"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.29"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.3.6"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.2"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.54"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.7"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.58"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.16"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="8517bb05ecc896b54429ca5e95137b0a386bd41a"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+
+inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+	rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM="access limit_conn upstream"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_ajp
+	http_mogilefs
+	http_memc
+	http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( >=dev-libs/libpcre-4.2 )
+	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_ajp; then
+		eerror "The AJP module currently doesn't build for nginx >1.8."
+		eerror "It will be reintroduced with the 1.9 series when proven stable."
+		eerror "Either disable it or stick with nginx 1.7.x."
+		die "AJP module not supported"
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${FILESDIR}/check-1.9.2".patch
+	fi
+
+	if use nginx_modules_http_lua; then
+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}"
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+		./configure \
+			--enable-standalone-module \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+	fi
+
+	cd "${S}"
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use ipv6      && myconf+=( --with-ipv6 )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			# Treat stream upstream slightly differently
+			if ! use nginx_modules_stream_upstream; then
+				myconf+=( --without-stream_upstream_hash_module )
+				myconf+=( --without-stream_upstream_least_conn_module )
+				myconf+=( --without-stream_upstream_zone_module )
+			else
+				myconf+=( --without-stream_${stream}_module )
+			fi
+		fi
+	done
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN}" "--group=${PN} )
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r2 nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 /var/log/nginx ${keepdir_list}
+	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+	# existing installations
+	local fix_perms=0
+
+	for rv in ${REPLACING_VERSIONS} ; do
+		version_compare ${rv} 1.4.1-r2
+		[[ $? -eq 1 ]] && fix_perms=1
+	done
+
+	if [[ $fix_perms -eq 1 ]] ; then
+		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+		ewarn "directories the world-readable bit removed (if set):"
+		ewarn "  ${EPREFIX}/var/log/nginx"
+		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+		ewarn "Check if this is correct for your setup before restarting nginx!"
+		ewarn "This is a one-time change and will not happen on subsequent updates."
+		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+	fi
+
+	# If the nginx user can't change into or read the dir, display a warning.
+	# If su is not available we display the warning nevertheless since we can't check properly
+	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+	if [ $? -ne 0 ] ; then
+		ewarn "Please make sure that the nginx user or group has at least"
+		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+		ewarn "Otherwise you end up with empty log files after a logrotate."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Manuel Rüger]

commit:     73f6732e4e32cbdbad3519d7b0e5f2cd75c0be10
Author:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Sun Apr 24 16:02:52 2016 +0000
Commit:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Sun Apr 24 16:02:52 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=73f6732e

www-servers/nginx: Version bump to 1.9.15

Package-Manager: portage-2.2.28

 www-servers/nginx/Manifest            |   1 +
 www-servers/nginx/nginx-1.9.15.ebuild | 761 ++++++++++++++++++++++++++++++++++
 2 files changed, 762 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 67f8139..a3279ee 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -4,6 +4,7 @@ DIST nginx-1.8.1.tar.gz 833473 SHA256 8f4b3c630966c044ec72715754334d1fdf741caa1d
 DIST nginx-1.9.12.tar.gz 899183 SHA256 1af2eb956910ed4b11aaf525a81bc37e135907e7127948f9179f5410337da042 SHA512 b5f4cae48c85cdc9a95006b6a321834de9d18981cb1a25670c9fc948d86b9a8906d25a1ca174626eb418b0afdb3f2e1df3cbb6f5a48bd781e39e2470a4d52520 WHIRLPOOL 0b6300528ae1c29e4f7647cdbe0ea6254b1bccbdcd7f0185b2bff25409aba093c089e5fa3c1a828e2cf7f55fa6d9d2f8b818f85014f37ccbf335a71cb2e93e32
 DIST nginx-1.9.13.tar.gz 907611 SHA256 f7cd529a5879cd9cd5b62e6fc4a3a7e8d8363cb12c080ab480cc718c55736609 SHA512 883e3d3be7a2a9abbeca54bed5b7004fc9810c1548a4de8f09ffc453ee077e75abfd0ae21bc87cd0814278a2cfefd2a5814b03faf4ec0298afbf75e530eb62f0 WHIRLPOOL 38d2e5006de6d9af2575d5b166051b3fa04406da89a6336b021b0a41be0f227566973fbeaaa9ae11967597c90f999dffd67129854693bc56ee840bed5fae5dd2
 DIST nginx-1.9.14.tar.gz 908191 SHA256 2b4893076d28e6b4384bba8c4fdebfca6de6f8f68ec48a1ca94b9b855ff457d2 SHA512 e73a10495a8b199856f4e5d6f428b46e0b1148cee26c8517e360130d9f1e85028b28f311879d31f37e1d3facccf6f215377e984ae937a44f45245fe09a3be90e WHIRLPOOL c4e1d2b8181b9c8c967de2d68314c05c28a1fe44bd35809f3672c2ff9b02d08e2f572970ab0328f85dbe9b29c6dae0c4ebb33586a8c70053e764158c055fa8d8
+DIST nginx-1.9.15.tar.gz 908984 SHA256 cc89b277cc03f403c0b746d60aa5943cdecf59ae48278f8cb7e2df0cbdb6dac3 SHA512 563cec7828d1e398ded83579c3c4afcd83fd809662e64a0212e25a34ce1b599135558e9fd8cee3e07ba028ee4b308e40ce9910a5071a3d8e3b7ec9f9bdef95f0 WHIRLPOOL b87dd96b1fa34824fb6ca16da39d72cf6036f6276766ef420c3be8ceac8e8639ff74e842c1ffd5f8f2dd03d7c411197a05049c1673dc70862cee662b494da88f
 DIST nginx-auth-ldap-8517bb05ecc896b54429ca5e95137b0a386bd41a.tar.gz 16950 SHA256 2f0b1a65847ea1da801a99b654f132e1c814d2fa49a43a324d8fc4ce6327935f SHA512 65b0aec3a4b28625ef93d166f659d63b9ef7d971dea78b09987eaa02f632bf5b8f6c9afdb6ef444afa466dba7ff67180cad27e138e6818c2ba80bc804f140ca6 WHIRLPOOL 9ef896fa3501415e2c7022448783626af256c6c3878fcca5d6cc042a9789937147eb4c3743f92002ab8d09e4ce828532b9ae321dc284ef2560801da98153d146
 DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
 DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb

diff --git a/www-servers/nginx/nginx-1.9.15.ebuild b/www-servers/nginx/nginx-1.9.15.ebuild
new file mode 100644
index 0000000..1196931
--- /dev/null
+++ b/www-servers/nginx/nginx-1.9.15.ebuild
@@ -0,0 +1,761 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.2.19"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.29"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.3.6"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.2"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.54"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.7"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.58"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.16"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="8517bb05ecc896b54429ca5e95137b0a386bd41a"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+
+inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+	rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM="access limit_conn upstream"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_ajp
+	http_mogilefs
+	http_memc
+	http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( >=dev-libs/libpcre-4.2 )
+	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_ajp; then
+		eerror "The AJP module currently doesn't build for nginx >1.8."
+		eerror "It will be reintroduced with the 1.9 series when proven stable."
+		eerror "Either disable it or stick with nginx 1.7.x."
+		die "AJP module not supported"
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${FILESDIR}/check-1.9.2".patch
+	fi
+
+	if use nginx_modules_http_lua; then
+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}"
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+		./configure \
+			--enable-standalone-module \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+	fi
+
+	cd "${S}"
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use ipv6      && myconf+=( --with-ipv6 )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			# Treat stream upstream slightly differently
+			if ! use nginx_modules_stream_upstream; then
+				myconf+=( --without-stream_upstream_hash_module )
+				myconf+=( --without-stream_upstream_least_conn_module )
+				myconf+=( --without-stream_upstream_zone_module )
+			else
+				myconf+=( --without-stream_${stream}_module )
+			fi
+		fi
+	done
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN}" "--group=${PN} )
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r2 nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 /var/log/nginx ${keepdir_list}
+	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+	# existing installations
+	local fix_perms=0
+
+	for rv in ${REPLACING_VERSIONS} ; do
+		version_compare ${rv} 1.4.1-r2
+		[[ $? -eq 1 ]] && fix_perms=1
+	done
+
+	if [[ $fix_perms -eq 1 ]] ; then
+		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+		ewarn "directories the world-readable bit removed (if set):"
+		ewarn "  ${EPREFIX}/var/log/nginx"
+		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+		ewarn "Check if this is correct for your setup before restarting nginx!"
+		ewarn "This is a one-time change and will not happen on subsequent updates."
+		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+	fi
+
+	# If the nginx user can't change into or read the dir, display a warning.
+	# If su is not available we display the warning nevertheless since we can't check properly
+	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+	if [ $? -ne 0 ] ; then
+		ewarn "Please make sure that the nginx user or group has at least"
+		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+		ewarn "Otherwise you end up with empty log files after a logrotate."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Manuel Rüger]

commit:     8af21e49d6429de0039df27c84685a352f0ce38a
Author:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Sun Apr 24 17:18:39 2016 +0000
Commit:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Sun Apr 24 18:16:16 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8af21e49

www-servers/nginx: Remove old

Package-Manager: portage-2.2.28

 www-servers/nginx/Manifest            |   3 -
 www-servers/nginx/nginx-1.9.12.ebuild | 761 ----------------------------------
 www-servers/nginx/nginx-1.9.13.ebuild | 761 ----------------------------------
 3 files changed, 1525 deletions(-)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index a3279ee..e29cd6e 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,8 +1,6 @@
 DIST modsecurity-2.9.0.tar.gz 4246467 SHA256 e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434 SHA512 1af04f29bf23c51d03cdd3795c530f88b523a645aa02d776a6b23dcbc31decec7cd574919e5c7c7cf82684df2774062de5e465bddbbaf4c01a442c6d49401d3d WHIRLPOOL 1167ba6048a3ca05dcdabf03c67ae12720cca0cec74547fc223ee92ff76b6d5131785fa77b5f16da180e56590c851c192eaf02817b798e4d6f41fa6bfb2735a6
 DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc1801efce0cda797d6029d44080a9b24 SHA512 374733cbfc26e53d95b78c8f268a4e465d838163e9893fc24e33a9d272b114f1b287147bab6d0289575074cbbd94f48983e23fa59832cbcb32950046cea59269 WHIRLPOOL 5f41bebf032f8a269412d104b7632a06af4d4c495658c9cd1ebf69b82c10ce1bbcb34b9dd159a7b00e57348714a5e93ad3db19701dda51479accd3a9dc79a9cb
 DIST nginx-1.8.1.tar.gz 833473 SHA256 8f4b3c630966c044ec72715754334d1fdf741caa1d5795fb4646c27d09f797b7 SHA512 546eba1749af0034cb8b924d2432be2f0e82a75c545aa929391ef7234103c3f29376235a2ef1363b120e1825cda15aeb085a05f9ce3596c88466e112e82aa882 WHIRLPOOL cd399083fb14bdb3498f1cd91a1cb59a73d37f323ce7c2a32500c9443f654cb5449137708cf149a0126aedb77abec9d1eb3dce3121f0b378d7d70e8eb18062af
-DIST nginx-1.9.12.tar.gz 899183 SHA256 1af2eb956910ed4b11aaf525a81bc37e135907e7127948f9179f5410337da042 SHA512 b5f4cae48c85cdc9a95006b6a321834de9d18981cb1a25670c9fc948d86b9a8906d25a1ca174626eb418b0afdb3f2e1df3cbb6f5a48bd781e39e2470a4d52520 WHIRLPOOL 0b6300528ae1c29e4f7647cdbe0ea6254b1bccbdcd7f0185b2bff25409aba093c089e5fa3c1a828e2cf7f55fa6d9d2f8b818f85014f37ccbf335a71cb2e93e32
-DIST nginx-1.9.13.tar.gz 907611 SHA256 f7cd529a5879cd9cd5b62e6fc4a3a7e8d8363cb12c080ab480cc718c55736609 SHA512 883e3d3be7a2a9abbeca54bed5b7004fc9810c1548a4de8f09ffc453ee077e75abfd0ae21bc87cd0814278a2cfefd2a5814b03faf4ec0298afbf75e530eb62f0 WHIRLPOOL 38d2e5006de6d9af2575d5b166051b3fa04406da89a6336b021b0a41be0f227566973fbeaaa9ae11967597c90f999dffd67129854693bc56ee840bed5fae5dd2
 DIST nginx-1.9.14.tar.gz 908191 SHA256 2b4893076d28e6b4384bba8c4fdebfca6de6f8f68ec48a1ca94b9b855ff457d2 SHA512 e73a10495a8b199856f4e5d6f428b46e0b1148cee26c8517e360130d9f1e85028b28f311879d31f37e1d3facccf6f215377e984ae937a44f45245fe09a3be90e WHIRLPOOL c4e1d2b8181b9c8c967de2d68314c05c28a1fe44bd35809f3672c2ff9b02d08e2f572970ab0328f85dbe9b29c6dae0c4ebb33586a8c70053e764158c055fa8d8
 DIST nginx-1.9.15.tar.gz 908984 SHA256 cc89b277cc03f403c0b746d60aa5943cdecf59ae48278f8cb7e2df0cbdb6dac3 SHA512 563cec7828d1e398ded83579c3c4afcd83fd809662e64a0212e25a34ce1b599135558e9fd8cee3e07ba028ee4b308e40ce9910a5071a3d8e3b7ec9f9bdef95f0 WHIRLPOOL b87dd96b1fa34824fb6ca16da39d72cf6036f6276766ef420c3be8ceac8e8639ff74e842c1ffd5f8f2dd03d7c411197a05049c1673dc70862cee662b494da88f
 DIST nginx-auth-ldap-8517bb05ecc896b54429ca5e95137b0a386bd41a.tar.gz 16950 SHA256 2f0b1a65847ea1da801a99b654f132e1c814d2fa49a43a324d8fc4ce6327935f SHA512 65b0aec3a4b28625ef93d166f659d63b9ef7d971dea78b09987eaa02f632bf5b8f6c9afdb6ef444afa466dba7ff67180cad27e138e6818c2ba80bc804f140ca6 WHIRLPOOL 9ef896fa3501415e2c7022448783626af256c6c3878fcca5d6cc042a9789937147eb4c3743f92002ab8d09e4ce828532b9ae321dc284ef2560801da98153d146
@@ -19,7 +17,6 @@ DIST ngx_http_fancyindex-0.3.5.tar.gz 14837 SHA256 e0998e83be58bc5787fa9243a76a9
 DIST ngx_http_fancyindex-0.3.6.tar.gz 17252 SHA256 e73f1f0444f8c53601b51da8684b174c5ffd3b4ed6eb7956dd57f8b95485b68f SHA512 ca2de16eef7d5e94104f44f180ebd98674c5799409d70d95fd6359512861efaa95d5242a9eb661363bcc5110032965f326e735a2b8fcfaaf29381023fd11a76e WHIRLPOOL 68c089a11a39685e3cb934c12daf12bd4c7176da6d17a26d4ec18f5bb44c480695e622c732925255c10af4bf819aa52da0dcf457ca40bffdc8a6673a10440823
 DIST ngx_http_headers_more-0.26.tar.gz 28028 SHA256 d6bdc51f9e778a3b23e41a51cae542c1467a1e5e55c1329a7ffc454be084fb6f SHA512 842927de67d28f3cff596607f209d1004b6d49f1d45b861758405ed6fe6f7aab76ad63530ccdfff1c1947db1190dd65dee0a29f50026bfa7a39a9a051561cf88 WHIRLPOOL 0dc37c36717be40a07112388d913d20bc99d76f90604da618d5547f24d93c636c14c2cca18191ff5916b40ec0113da648cfc07e1c00b1853f2b15ce056d5f3d7
 DIST ngx_http_headers_more-0.29.tar.gz 27144 SHA256 0a5f3003b5851373b03c542723eb5e7da44a01bf4c4c5f20b4de53f355a28d33 SHA512 50a45922f8d2d54fca345bf47df71035362a6868b86872528f2414386c15cdcdb5466ea2c0b7c7303dc85084f94ee05e7411da8836cde3cd549c576431c7ef14 WHIRLPOOL bfc3261b6b0a4add707069383ae1241b2bad02099c86985b87cdc595a49eb3eea0c5295d912f536c01110f7954f6738870ad72f1230a202824b5bc00293c7ddd
-DIST ngx_http_lua-0.10.1rc1.tar.gz 574793 SHA256 7b741a45ba8c66972fc7261cd191bdc89179ad9cebbc5af59c899c56811b8838 SHA512 6d9ab941bd89b6a4effb6ccec8aca7058ae4d0f1baa712616222f2fc7d60d78c76c33113a04c5ef71d28cfe55b6247720bd902726f8e93ed64ae50a84f653c0f WHIRLPOOL c494bec5318590f2c1e9e2ed06d4e2d15eb88d6feecb1208a1f968f466309742445c5316bdfbc4170aa5468f654399657799f3ae8a85248a8daa8a0b0ddd0cdd
 DIST ngx_http_lua-0.10.2.tar.gz 575525 SHA256 155feeff08a0b2efaf980705b9ef83d0b341e6d011adad8e2679ea4105668134 SHA512 33ad538f0f63aae91b691ceda593899881b3ac0ea48da6814724d9bfe3d74b323ac5f3b8bc2fa03116c5cd1045e2a12db4e9bf96c8172a96ec1c6cd0b30199fa WHIRLPOOL 6450f144fcae55756b1c2f879cf68a1d2369475ece910951c54e10cd7c4ef266ead56397cef5c4d6c4963f5c11124af635daa415af05524703ff96b9ff5edcfb
 DIST ngx_http_lua-0.9.15.tar.gz 520190 SHA256 659fe4c201f4a4ae1007fa029cef472aaa837bf0904babb6158f83b86536c5b7 SHA512 1d809f873ced8e50422298bb4b730b8e7aaf442c11570cbe892fd73a414ff4f6d6eca7be8b2d2dbf57a136136b17d80596ee2f2f195dcb59776e78df5a94ae92 WHIRLPOOL caf128254f99d674eb370779c6e41c0b459be1c5a2baac7df1ff3498a38349bd2c140594eea3eb29c468a366e265421f90363886be73db0b3484cc6f386cb563
 DIST ngx_http_naxsi-0.53-2.tar.gz 165690 SHA256 3eadff1d91995beae41b92733ade28091c2075a24ae37058f4d6aa90b0f4b660 SHA512 ada592f5e7f80a6d549cc435ee8720df01a788dc88cf27a7d55521bb7e4c66fa11b9ec28216aff7e13c70a5faf12cb745bd398b8a782ed4dea1eecd04b07e24c WHIRLPOOL c5b736dbe9bd66daf7e023f176a08f78225b61990781d7ad5a55d0f35391df7e05bf1b2623a6227e0355cf0204ef9eac1b9fa03aa62b3c0d6eac515f1213f270

diff --git a/www-servers/nginx/nginx-1.9.12.ebuild b/www-servers/nginx/nginx-1.9.12.ebuild
deleted file mode 100644
index 0892a61..0000000
--- a/www-servers/nginx/nginx-1.9.12.ebuild
+++ /dev/null
@@ -1,761 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=6
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.29"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.6"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.1rc1"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.4"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.54"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.58"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.0"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.16"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="8517bb05ecc896b54429ca5e95137b0a386bd41a"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-
-inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
-	rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM="access limit_conn upstream"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_ajp
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( >=dev-libs/libpcre-4.2 )
-	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
-	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_ajp; then
-		eerror "The AJP module currently doesn't build for nginx >1.8."
-		eerror "It will be reintroduced with the 1.9 series when proven stable."
-		eerror "Either disable it or stick with nginx 1.7.x."
-		die "AJP module not supported"
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${FILESDIR}/check-1.9.2".patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}"
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-		./configure \
-			--enable-standalone-module \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-	fi
-
-	cd "${S}"
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use ipv6      && myconf+=( --with-ipv6 )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			# Treat stream upstream slightly differently
-			if ! use nginx_modules_stream_upstream; then
-				myconf+=( --without-stream_upstream_hash_module )
-				myconf+=( --without-stream_upstream_least_conn_module )
-				myconf+=( --without-stream_upstream_zone_module )
-			else
-				myconf+=( --without-stream_${stream}_module )
-			fi
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN}" "--group=${PN} )
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r2 nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 /var/log/nginx ${keepdir_list}
-	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
-	# existing installations
-	local fix_perms=0
-
-	for rv in ${REPLACING_VERSIONS} ; do
-		version_compare ${rv} 1.4.1-r2
-		[[ $? -eq 1 ]] && fix_perms=1
-	done
-
-	if [[ $fix_perms -eq 1 ]] ; then
-		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
-		ewarn "directories the world-readable bit removed (if set):"
-		ewarn "  ${EPREFIX}/var/log/nginx"
-		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-		ewarn "Check if this is correct for your setup before restarting nginx!"
-		ewarn "This is a one-time change and will not happen on subsequent updates."
-		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
-		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
-	fi
-
-	# If the nginx user can't change into or read the dir, display a warning.
-	# If su is not available we display the warning nevertheless since we can't check properly
-	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
-	if [ $? -ne 0 ] ; then
-		ewarn "Please make sure that the nginx user or group has at least"
-		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
-		ewarn "Otherwise you end up with empty log files after a logrotate."
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.9.13.ebuild b/www-servers/nginx/nginx-1.9.13.ebuild
deleted file mode 100644
index 7b03064..0000000
--- a/www-servers/nginx/nginx-1.9.13.ebuild
+++ /dev/null
@@ -1,761 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=6
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.29"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.6"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.2"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.4"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.54"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.58"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.16"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="8517bb05ecc896b54429ca5e95137b0a386bd41a"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-
-inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
-	rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM="access limit_conn upstream"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_ajp
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( >=dev-libs/libpcre-4.2 )
-	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
-	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_ajp; then
-		eerror "The AJP module currently doesn't build for nginx >1.8."
-		eerror "It will be reintroduced with the 1.9 series when proven stable."
-		eerror "Either disable it or stick with nginx 1.7.x."
-		die "AJP module not supported"
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${FILESDIR}/check-1.9.2".patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}"
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-		./configure \
-			--enable-standalone-module \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-	fi
-
-	cd "${S}"
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use ipv6      && myconf+=( --with-ipv6 )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			# Treat stream upstream slightly differently
-			if ! use nginx_modules_stream_upstream; then
-				myconf+=( --without-stream_upstream_hash_module )
-				myconf+=( --without-stream_upstream_least_conn_module )
-				myconf+=( --without-stream_upstream_zone_module )
-			else
-				myconf+=( --without-stream_${stream}_module )
-			fi
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN}" "--group=${PN} )
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r2 nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 /var/log/nginx ${keepdir_list}
-	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
-	# existing installations
-	local fix_perms=0
-
-	for rv in ${REPLACING_VERSIONS} ; do
-		version_compare ${rv} 1.4.1-r2
-		[[ $? -eq 1 ]] && fix_perms=1
-	done
-
-	if [[ $fix_perms -eq 1 ]] ; then
-		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
-		ewarn "directories the world-readable bit removed (if set):"
-		ewarn "  ${EPREFIX}/var/log/nginx"
-		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-		ewarn "Check if this is correct for your setup before restarting nginx!"
-		ewarn "This is a one-time change and will not happen on subsequent updates."
-		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
-		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
-	fi
-
-	# If the nginx user can't change into or read the dir, display a warning.
-	# If su is not available we display the warning nevertheless since we can't check properly
-	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
-	if [ $? -ne 0 ] ; then
-		ewarn "Please make sure that the nginx user or group has at least"
-		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
-		ewarn "Otherwise you end up with empty log files after a logrotate."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Manuel Rüger]

commit:     18052d2432f8bdfd67092a09b5bb27702ef8763c
Author:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Wed May  4 14:18:32 2016 +0000
Commit:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Wed May  4 14:18:50 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=18052d24

www-servers/nginx: Fix blocker

Package-Manager: portage-2.2.28

 www-servers/nginx/nginx-1.10.0.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www-servers/nginx/nginx-1.10.0.ebuild b/www-servers/nginx/nginx-1.10.0.ebuild
index cc19cc7..159f891 100644
--- a/www-servers/nginx/nginx-1.10.0.ebuild
+++ b/www-servers/nginx/nginx-1.10.0.ebuild
@@ -269,7 +269,7 @@ CDEPEND="
 	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
 RDEPEND="${CDEPEND}
 	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
+	!www-servers/nginx:mainline"
 DEPEND="${CDEPEND}
 	arm? ( dev-libs/libatomic_ops )
 	libatomic? ( dev-libs/libatomic_ops )"

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Manuel Rüger]

commit:     df2b27ea2f3e0d092290dd93cd007e3252779734
Author:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Wed May  4 14:19:47 2016 +0000
Commit:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Wed May  4 14:19:47 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=df2b27ea

www-servers/nginx: Remove old

Package-Manager: portage-2.2.28

 www-servers/nginx/Manifest            |   1 -
 www-servers/nginx/nginx-1.9.14.ebuild | 761 ----------------------------------
 2 files changed, 762 deletions(-)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 0c541fc..26d2866 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,7 +2,6 @@ DIST modsecurity-2.9.0.tar.gz 4246467 SHA256 e2bbf789966c1f80094d88d9085a81bde08
 DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc1801efce0cda797d6029d44080a9b24 SHA512 374733cbfc26e53d95b78c8f268a4e465d838163e9893fc24e33a9d272b114f1b287147bab6d0289575074cbbd94f48983e23fa59832cbcb32950046cea59269 WHIRLPOOL 5f41bebf032f8a269412d104b7632a06af4d4c495658c9cd1ebf69b82c10ce1bbcb34b9dd159a7b00e57348714a5e93ad3db19701dda51479accd3a9dc79a9cb
 DIST nginx-1.10.0.tar.gz 908954 SHA256 8ed647c3dd65bc4ced03b0e0f6bf9e633eff6b01bac772bcf97077d58bc2be4d SHA512 495da729ce6de935399c2bf7fc0c2cd112197d9dba6d8604f639d5815cbb8bb3ff70e994f942785481e064cc1df97211f886297ee72519b332a7197999d9f14e WHIRLPOOL 889e723f635909d1b562663ed46b27edac83b63143c10c2c53e70dc6dccf3a378f8fef3f2f19641879dc9f812880b4f51ef0d438d80ede395ffda38987b13dd3
 DIST nginx-1.8.1.tar.gz 833473 SHA256 8f4b3c630966c044ec72715754334d1fdf741caa1d5795fb4646c27d09f797b7 SHA512 546eba1749af0034cb8b924d2432be2f0e82a75c545aa929391ef7234103c3f29376235a2ef1363b120e1825cda15aeb085a05f9ce3596c88466e112e82aa882 WHIRLPOOL cd399083fb14bdb3498f1cd91a1cb59a73d37f323ce7c2a32500c9443f654cb5449137708cf149a0126aedb77abec9d1eb3dce3121f0b378d7d70e8eb18062af
-DIST nginx-1.9.14.tar.gz 908191 SHA256 2b4893076d28e6b4384bba8c4fdebfca6de6f8f68ec48a1ca94b9b855ff457d2 SHA512 e73a10495a8b199856f4e5d6f428b46e0b1148cee26c8517e360130d9f1e85028b28f311879d31f37e1d3facccf6f215377e984ae937a44f45245fe09a3be90e WHIRLPOOL c4e1d2b8181b9c8c967de2d68314c05c28a1fe44bd35809f3672c2ff9b02d08e2f572970ab0328f85dbe9b29c6dae0c4ebb33586a8c70053e764158c055fa8d8
 DIST nginx-1.9.15.tar.gz 908984 SHA256 cc89b277cc03f403c0b746d60aa5943cdecf59ae48278f8cb7e2df0cbdb6dac3 SHA512 563cec7828d1e398ded83579c3c4afcd83fd809662e64a0212e25a34ce1b599135558e9fd8cee3e07ba028ee4b308e40ce9910a5071a3d8e3b7ec9f9bdef95f0 WHIRLPOOL b87dd96b1fa34824fb6ca16da39d72cf6036f6276766ef420c3be8ceac8e8639ff74e842c1ffd5f8f2dd03d7c411197a05049c1673dc70862cee662b494da88f
 DIST nginx-auth-ldap-8517bb05ecc896b54429ca5e95137b0a386bd41a.tar.gz 16950 SHA256 2f0b1a65847ea1da801a99b654f132e1c814d2fa49a43a324d8fc4ce6327935f SHA512 65b0aec3a4b28625ef93d166f659d63b9ef7d971dea78b09987eaa02f632bf5b8f6c9afdb6ef444afa466dba7ff67180cad27e138e6818c2ba80bc804f140ca6 WHIRLPOOL 9ef896fa3501415e2c7022448783626af256c6c3878fcca5d6cc042a9789937147eb4c3743f92002ab8d09e4ce828532b9ae321dc284ef2560801da98153d146
 DIST nginx-auth-ldap-dbcef31bebb2d54b6120422d0b178bbf78bc48f7.tar.gz 16998 SHA256 35c8f29581823be0f8bdbcf237d7fa5518c45eabe0ab9a695b131d32c8f1c264 SHA512 f47a9a6c5f93daa9260825261d2069bca5fc528221f94fc8ec98462f61774a36bce0238d931f8d0690544fd0144a83f942b6673c8376fe03f7834f8da9666671 WHIRLPOOL 26a2f67e715d13f785932f00e642c0864b5b7059d120f7fe7458017dbe02203f4873d1cfc4f0dd262834465438ad2b00ef4b49295e18a8e246abda6f7694ac70

diff --git a/www-servers/nginx/nginx-1.9.14.ebuild b/www-servers/nginx/nginx-1.9.14.ebuild
deleted file mode 100644
index 1196931..0000000
--- a/www-servers/nginx/nginx-1.9.14.ebuild
+++ /dev/null
@@ -1,761 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=6
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.29"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.6"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.2"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.54"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.58"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.16"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="8517bb05ecc896b54429ca5e95137b0a386bd41a"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-
-inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
-	rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM="access limit_conn upstream"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_ajp
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( >=dev-libs/libpcre-4.2 )
-	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
-	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_ajp; then
-		eerror "The AJP module currently doesn't build for nginx >1.8."
-		eerror "It will be reintroduced with the 1.9 series when proven stable."
-		eerror "Either disable it or stick with nginx 1.7.x."
-		die "AJP module not supported"
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${FILESDIR}/check-1.9.2".patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}"
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-		./configure \
-			--enable-standalone-module \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-	fi
-
-	cd "${S}"
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use ipv6      && myconf+=( --with-ipv6 )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			# Treat stream upstream slightly differently
-			if ! use nginx_modules_stream_upstream; then
-				myconf+=( --without-stream_upstream_hash_module )
-				myconf+=( --without-stream_upstream_least_conn_module )
-				myconf+=( --without-stream_upstream_zone_module )
-			else
-				myconf+=( --without-stream_${stream}_module )
-			fi
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN}" "--group=${PN} )
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r2 nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 /var/log/nginx ${keepdir_list}
-	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
-	# existing installations
-	local fix_perms=0
-
-	for rv in ${REPLACING_VERSIONS} ; do
-		version_compare ${rv} 1.4.1-r2
-		[[ $? -eq 1 ]] && fix_perms=1
-	done
-
-	if [[ $fix_perms -eq 1 ]] ; then
-		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
-		ewarn "directories the world-readable bit removed (if set):"
-		ewarn "  ${EPREFIX}/var/log/nginx"
-		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-		ewarn "Check if this is correct for your setup before restarting nginx!"
-		ewarn "This is a one-time change and will not happen on subsequent updates."
-		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
-		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
-	fi
-
-	# If the nginx user can't change into or read the dir, display a warning.
-	# If su is not available we display the warning nevertheless since we can't check properly
-	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
-	if [ $? -ne 0 ] ; then
-		ewarn "Please make sure that the nginx user or group has at least"
-		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
-		ewarn "Otherwise you end up with empty log files after a logrotate."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Patrice Clement]

commit:     d4933e328ca43fbc4a09343fe8ecbacad1dbee6e
Author:     everpcpc <git <AT> everpcpc <DOT> com>
AuthorDate: Fri May  6 13:15:04 2016 +0000
Commit:     Patrice Clement <monsieurp <AT> gentoo <DOT> org>
CommitDate: Sat May  7 22:19:19 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d4933e32

www-servers/nginx: Fix typo for using stream upstream module

Closes: https://github.com/gentoo/gentoo/pull/1421

Signed-off-by: Patrice Clement <monsieurp <AT> gentoo.org>

 www-servers/nginx/nginx-1.10.0.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www-servers/nginx/nginx-1.10.0.ebuild b/www-servers/nginx/nginx-1.10.0.ebuild
index ef851c4..2058354 100644
--- a/www-servers/nginx/nginx-1.10.0.ebuild
+++ b/www-servers/nginx/nginx-1.10.0.ebuild
@@ -529,7 +529,7 @@ src_configure() {
 				myconf+=( --without-stream_upstream_least_conn_module )
 				myconf+=( --without-stream_upstream_zone_module )
 			else
-				myconf+=( --without-stream_${stream}_module )
+				myconf+=( --without-stream_${mod}_module )
 			fi
 		fi
 	done

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Kristian Fiskerstrand]

commit:     e11826d4e2abd587b5324528c50c0ddc17c3da69
Author:     Thomas Deutschmann <whissi <AT> whissi <DOT> de>
AuthorDate: Sat Jun 11 15:16:14 2016 +0000
Commit:     Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
CommitDate: Sat Jun 11 15:48:11 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e11826d4

www-servers/nginx: Security cleanup

Gentoo-Bug: 584744

Package-Manager: portage-2.3.0_rc1

 www-servers/nginx/Manifest            |   9 -
 www-servers/nginx/nginx-1.10.0.ebuild | 761 ----------------------------------
 www-servers/nginx/nginx-1.9.15.ebuild | 761 ----------------------------------
 3 files changed, 1531 deletions(-)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index aea8b5f..f9608ef 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,11 +1,8 @@
 DIST modsecurity-2.9.0.tar.gz 4246467 SHA256 e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434 SHA512 1af04f29bf23c51d03cdd3795c530f88b523a645aa02d776a6b23dcbc31decec7cd574919e5c7c7cf82684df2774062de5e465bddbbaf4c01a442c6d49401d3d WHIRLPOOL 1167ba6048a3ca05dcdabf03c67ae12720cca0cec74547fc223ee92ff76b6d5131785fa77b5f16da180e56590c851c192eaf02817b798e4d6f41fa6bfb2735a6
 DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc1801efce0cda797d6029d44080a9b24 SHA512 374733cbfc26e53d95b78c8f268a4e465d838163e9893fc24e33a9d272b114f1b287147bab6d0289575074cbbd94f48983e23fa59832cbcb32950046cea59269 WHIRLPOOL 5f41bebf032f8a269412d104b7632a06af4d4c495658c9cd1ebf69b82c10ce1bbcb34b9dd159a7b00e57348714a5e93ad3db19701dda51479accd3a9dc79a9cb
-DIST nginx-1.10.0.tar.gz 908954 SHA256 8ed647c3dd65bc4ced03b0e0f6bf9e633eff6b01bac772bcf97077d58bc2be4d SHA512 495da729ce6de935399c2bf7fc0c2cd112197d9dba6d8604f639d5815cbb8bb3ff70e994f942785481e064cc1df97211f886297ee72519b332a7197999d9f14e WHIRLPOOL 889e723f635909d1b562663ed46b27edac83b63143c10c2c53e70dc6dccf3a378f8fef3f2f19641879dc9f812880b4f51ef0d438d80ede395ffda38987b13dd3
 DIST nginx-1.10.1.tar.gz 909077 SHA256 1fd35846566485e03c0e318989561c135c598323ff349c503a6c14826487a801 SHA512 fa1329d40e83340380332dd5e2ed66f08dd59cc7f7582dd0e0193c493353ba550e80dc80e5165c225d70532d4197abc49cc8c760e8ab72e48f630cb57c2803e1 WHIRLPOOL 6942f70c3279a28bd8d664d085dee68bf0d0526c8dcb636f3258c9de598268efc984af72e527efd86889bd13911b38b0bdb2de1e92eef69cabd02f7080f64eb6
 DIST nginx-1.11.1.tar.gz 913417 SHA256 5d8dd0197e3ffeb427729c045382182fb28db8e045c635221b2e0e6722821ad0 SHA512 01330a5200b9b5ac5788cd95b2857d2ff87bf0a073a93e3e441b89d19f12137b496e6de67145c04cc74ba88d599a7be96d622f29785e30df23fc8a657adf8b2a WHIRLPOOL e902d408f45eb9168db5a5220275896a072419660505eb45816280f1a2d2150593262d601583d2c34b521fae560fdd237e6609e85bf03a30b7721c10299a207e
 DIST nginx-1.8.1.tar.gz 833473 SHA256 8f4b3c630966c044ec72715754334d1fdf741caa1d5795fb4646c27d09f797b7 SHA512 546eba1749af0034cb8b924d2432be2f0e82a75c545aa929391ef7234103c3f29376235a2ef1363b120e1825cda15aeb085a05f9ce3596c88466e112e82aa882 WHIRLPOOL cd399083fb14bdb3498f1cd91a1cb59a73d37f323ce7c2a32500c9443f654cb5449137708cf149a0126aedb77abec9d1eb3dce3121f0b378d7d70e8eb18062af
-DIST nginx-1.9.15.tar.gz 908984 SHA256 cc89b277cc03f403c0b746d60aa5943cdecf59ae48278f8cb7e2df0cbdb6dac3 SHA512 563cec7828d1e398ded83579c3c4afcd83fd809662e64a0212e25a34ce1b599135558e9fd8cee3e07ba028ee4b308e40ce9910a5071a3d8e3b7ec9f9bdef95f0 WHIRLPOOL b87dd96b1fa34824fb6ca16da39d72cf6036f6276766ef420c3be8ceac8e8639ff74e842c1ffd5f8f2dd03d7c411197a05049c1673dc70862cee662b494da88f
-DIST nginx-auth-ldap-8517bb05ecc896b54429ca5e95137b0a386bd41a.tar.gz 16950 SHA256 2f0b1a65847ea1da801a99b654f132e1c814d2fa49a43a324d8fc4ce6327935f SHA512 65b0aec3a4b28625ef93d166f659d63b9ef7d971dea78b09987eaa02f632bf5b8f6c9afdb6ef444afa466dba7ff67180cad27e138e6818c2ba80bc804f140ca6 WHIRLPOOL 9ef896fa3501415e2c7022448783626af256c6c3878fcca5d6cc042a9789937147eb4c3743f92002ab8d09e4ce828532b9ae321dc284ef2560801da98153d146
 DIST nginx-auth-ldap-dbcef31bebb2d54b6120422d0b178bbf78bc48f7.tar.gz 16998 SHA256 35c8f29581823be0f8bdbcf237d7fa5518c45eabe0ab9a695b131d32c8f1c264 SHA512 f47a9a6c5f93daa9260825261d2069bca5fc528221f94fc8ec98462f61774a36bce0238d931f8d0690544fd0144a83f942b6673c8376fe03f7834f8da9666671 WHIRLPOOL 26a2f67e715d13f785932f00e642c0864b5b7059d120f7fe7458017dbe02203f4873d1cfc4f0dd262834465438ad2b00ef4b49295e18a8e246abda6f7694ac70
 DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
 DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb
@@ -16,27 +13,21 @@ DIST ngx_http_auth_pam-1.5.1.tar.gz 6863 SHA256 77676842919134af88a7b4bfca447022
 DIST ngx_http_cache_purge-2.3.tar.gz 12248 SHA256 279e0d8a46d3b1521fd43b3f78bc1c08b263899142a7cc5058c1c0361a92c89c SHA512 50a31dbf2216a6fae74a186af56dec4600cf55777e76a10ac0075f609e7737135aab063a64f2590dddcd0369ebebd4a523027f3d9ebcca74f7b4355be1c5dcc0 WHIRLPOOL 5451ef3e33044210453995ea916acec679599c0ded5471d464db5003a07e7a06e9690812091148c2af7b50384e52b32e49136eac02e0330724ba2408d893f96c
 DIST ngx_http_dav_ext-0.0.3.tar.gz 6260 SHA256 d428a0236c933779cb40ac8c91afb19d5c25a376dc3caab825bfd543e1ee530d SHA512 4763b1c5e417248d80acfacf20bfc5ba3e06675ff08e37703867daef99a400980b536941e4955c259432905bd11ab998bc2e2489a50350413c7bf37e18eafb74 WHIRLPOOL 5adbcea768fbb179249a03fe69304505ec09a1dafac848dd5e3cde96693c6fbcf6cf6c128ca116d02b36c1be0008807d9e86fee5b411e137b18b15a60291f29b
 DIST ngx_http_echo-0.57.tar.gz 65073 SHA256 8467237ca0fae74ca7a32fbd34fc6044df307098415d48068214c9c235695a07 SHA512 c89780eca9267c9984a022a4dbd9ebf603dbd5c323bfea5ea7898ca9fc0a744388ce7520e7a9799aeabd6573f8e71ee595fe9998fa54e5d5c412b21031edd31d WHIRLPOOL e481b6f57a6ff48706fa7e281f31f15a5522c29b98620559cebe8412207d5595497cdce9156e7762cceff6369e9f678d5a81bf3c83fb2e8c5d8786622f1c27b8
-DIST ngx_http_echo-0.58.tar.gz 64779 SHA256 190fe3977dd1910e82059f30f9baae3da2ee6e6fb50f18c9bc2605a19dbb9626 SHA512 03bca117b2a7f9fa78450d24b2a25fcf19528a37d842dbd740e9ccf0f3ad6652d9927757f1317441438ec1e474211e2b4c84829015a51c5e25ca9f2dbd3809a0 WHIRLPOOL 0c3623f881cd127d1f3450f6e46456d98501d9d21f5292ec6bae877fa3020adbaae2dbb83f105c8c7eb0273fedd927753238d2399385721167680200c8b51a15
 DIST ngx_http_echo-0.59.tar.gz 52703 SHA256 9b319ad7836202883128d2b9c24ed818082541df57ef7f2065b7557085c603cd SHA512 803c431da00160f62ee98e126d244fb97b2d9dca08137daabf55504f012598f8e2c689841c2e8bfced5f07ce24c46933c49b3feffc09ca0b5f07dc10e34546ee WHIRLPOOL a709ded0dd1af2b6c1c5da6f065834ab7715eb736f36018acf06c2c10389bf896dc4459acbbb479340b9da6f287143cd25fca7df503acea457cf0933ba67e9a1
 DIST ngx_http_fancyindex-0.3.5.tar.gz 14837 SHA256 e0998e83be58bc5787fa9243a76a9d21de3cd01088d3cf63177ba88a562634a1 SHA512 ddb4ab3e8e47e1c49680db3e9f648f7cd582c07f963204105118e61432fa1e80c3f1bce69ed689db383011a9c155184bcc7e931eeae20bbd7cbdb5d4eb35a0a8 WHIRLPOOL a45db854d75f05a59c6f5e67c652850b5410162e7852abda20bb6720d29cc716f25ce7ea93ef52f9ff3f11d6d3a744c1fa4c7a6270fc1bd6d42f6743accb8e73
-DIST ngx_http_fancyindex-0.3.6.tar.gz 17252 SHA256 e73f1f0444f8c53601b51da8684b174c5ffd3b4ed6eb7956dd57f8b95485b68f SHA512 ca2de16eef7d5e94104f44f180ebd98674c5799409d70d95fd6359512861efaa95d5242a9eb661363bcc5110032965f326e735a2b8fcfaaf29381023fd11a76e WHIRLPOOL 68c089a11a39685e3cb934c12daf12bd4c7176da6d17a26d4ec18f5bb44c480695e622c732925255c10af4bf819aa52da0dcf457ca40bffdc8a6673a10440823
 DIST ngx_http_fancyindex-0.4.0.tar.gz 18419 SHA256 152cc2cf082c23cbc7b0fc76f14af4015d3988783016dc9145edebec17c7e230 SHA512 47fd9f405475f96958eb255f9051a9bde1ad8b515356bbaff8f8034ee34ecc17e3574c1d104496c5069c8986e047ca0de386f1b7d2f7317f15be98d69e74b624 WHIRLPOOL 4972eea9f6b8373b4bbcf73c66fe3dc635bc6326f264febc9a5a0fc620d44f1a3d1f98c91c1d2acb6779729a1e188c1f4a8750972266d1e463658529d37fa596
 DIST ngx_http_headers_more-0.26.tar.gz 28028 SHA256 d6bdc51f9e778a3b23e41a51cae542c1467a1e5e55c1329a7ffc454be084fb6f SHA512 842927de67d28f3cff596607f209d1004b6d49f1d45b861758405ed6fe6f7aab76ad63530ccdfff1c1947db1190dd65dee0a29f50026bfa7a39a9a051561cf88 WHIRLPOOL 0dc37c36717be40a07112388d913d20bc99d76f90604da618d5547f24d93c636c14c2cca18191ff5916b40ec0113da648cfc07e1c00b1853f2b15ce056d5f3d7
-DIST ngx_http_headers_more-0.29.tar.gz 27144 SHA256 0a5f3003b5851373b03c542723eb5e7da44a01bf4c4c5f20b4de53f355a28d33 SHA512 50a45922f8d2d54fca345bf47df71035362a6868b86872528f2414386c15cdcdb5466ea2c0b7c7303dc85084f94ee05e7411da8836cde3cd549c576431c7ef14 WHIRLPOOL bfc3261b6b0a4add707069383ae1241b2bad02099c86985b87cdc595a49eb3eea0c5295d912f536c01110f7954f6738870ad72f1230a202824b5bc00293c7ddd
 DIST ngx_http_headers_more-0.30.tar.gz 27793 SHA256 2aad309a9313c21c7c06ee4e71a39c99d4d829e31c8b3e7d76f8c964ea8047f5 SHA512 378f2c4b4fbf580e59c8ad3ef5fcb617e4669b7b506a0ae87e4e0bc920d34e16fe55565e48dd57e7b6c37ae8b407646ca64f5d84a2fbbe2d41d719c7643c1a82 WHIRLPOOL f50bb5c2e23fb63d98904163a873edf947f65e57dc0f73489024243c1d5b04e0677015a075d315585e535e226b8dad659bada563778b8ddf4d060e918fc37ace
-DIST ngx_http_lua-0.10.2.tar.gz 575525 SHA256 155feeff08a0b2efaf980705b9ef83d0b341e6d011adad8e2679ea4105668134 SHA512 33ad538f0f63aae91b691ceda593899881b3ac0ea48da6814724d9bfe3d74b323ac5f3b8bc2fa03116c5cd1045e2a12db4e9bf96c8172a96ec1c6cd0b30199fa WHIRLPOOL 6450f144fcae55756b1c2f879cf68a1d2369475ece910951c54e10cd7c4ef266ead56397cef5c4d6c4963f5c11124af635daa415af05524703ff96b9ff5edcfb
 DIST ngx_http_lua-0.10.5.tar.gz 579793 SHA256 4f0292c37ab3d7cb980c994825040be1bda2c769cbd800e79c43eb37458347d4 SHA512 a02b8614fdcd063b1087a3114f05402c707343ff3bceabaca1fb98531ba30edea1a525fc45e2f5a49ff155de8d6f9e1155e8870e463476da5703acfd5f8fc3fc WHIRLPOOL 9c72353bc58a98fd3bae68bd9b13228d202167422a429aa4b455f7e280cb617b5c083131e4f372708e602342b24b150437ed8ebae9647a397bae8a88a13b385c
 DIST ngx_http_lua-0.9.15.tar.gz 520190 SHA256 659fe4c201f4a4ae1007fa029cef472aaa837bf0904babb6158f83b86536c5b7 SHA512 1d809f873ced8e50422298bb4b730b8e7aaf442c11570cbe892fd73a414ff4f6d6eca7be8b2d2dbf57a136136b17d80596ee2f2f195dcb59776e78df5a94ae92 WHIRLPOOL caf128254f99d674eb370779c6e41c0b459be1c5a2baac7df1ff3498a38349bd2c140594eea3eb29c468a366e265421f90363886be73db0b3484cc6f386cb563
 DIST ngx_http_naxsi-0.53-2.tar.gz 165690 SHA256 3eadff1d91995beae41b92733ade28091c2075a24ae37058f4d6aa90b0f4b660 SHA512 ada592f5e7f80a6d549cc435ee8720df01a788dc88cf27a7d55521bb7e4c66fa11b9ec28216aff7e13c70a5faf12cb745bd398b8a782ed4dea1eecd04b07e24c WHIRLPOOL c5b736dbe9bd66daf7e023f176a08f78225b61990781d7ad5a55d0f35391df7e05bf1b2623a6227e0355cf0204ef9eac1b9fa03aa62b3c0d6eac515f1213f270
 DIST ngx_http_naxsi-0.54.tar.gz 163809 SHA256 9cc2c09405bc71f78ef26a8b6d70afcea3fccbe8125df70cb0cfc480133daba5 SHA512 91934bfd41495715269cc6e549d17f6da66f2bdd0c9a6821fa9096b694dd3927109c4aad2f8b327620ae7c34f76a0839ac16669cd8c65081bc01fa7f829c1d43 WHIRLPOOL ef68cfecc9849086527c3590744d3c0d73cec830c6cf1ebca63566a7444438757a85d0c79fa552c4763e0416a615f4cf8d99622e2f36d3713b7072138a82f5a8
 DIST ngx_http_push_stream-0.4.1.tar.gz 166928 SHA256 553584f557a3faec73702550e7e1417cbc0021f4f98468cc83e61e9d94def5cc SHA512 3b2289cc3abe6df0ee39360816675a39de1669a284e23770aa04b29e1e5dc73f5d99f3db6c7e8e4895a4abad0602aa64024ec19a2e741e138a70191501f038be WHIRLPOOL 9d203d4a78a3bd189527ebeaf1ff98613ee6a3150ae433efa17ed45dd9f6cb263b2a4c329a6fc2d04c6583ac2beaf24e87e3263d71a910f720b80038c9bc09c2
-DIST ngx_http_push_stream-0.5.1.tar.gz 175263 SHA256 a95f31e80120fd7324795b92a0d94c0b43e1265df7fd0f1eba11a337c1e0a626 SHA512 b996c6fe48b97540d1ee9879f37aca1a4c8262ad7577d607d402a00d79f5d32676f010da303f89db18e6f90351b8bb5cf0265338cc5df8154e94d5f332a227c8 WHIRLPOOL aacf93841af0384b2be1d4075ceb23e67b89a4cac0a06fe40e2efd5f0334309ccc83e29014c9746dda9e6b59df0866f0a796c0a9dc9d14e2625a11c019c8e79d
 DIST ngx_http_push_stream-0.5.2.tar.gz 182008 SHA256 1d07f38acdb8194bd49344b0ba21de101070de9b8731d27a8d22e928850bc199 SHA512 ee8bf9ece652da6aa5a39879298bba70d1842696545259f3f5e302cc61397b35f016364805805f9ab1914fc39ed2f07c015e042155789073e3d1fdc02a0783de WHIRLPOOL d309cecbb1bb5b6c4f64712d44889e3ecca59140d845a31a3f605dc3cc2aa01622b0deadb8f6852baea3c211bebbe6ed7d7868399447ac1249c1b1b740fa3c27
 DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 SHA256 1e81453942e5b0877de1f1f06c56ae82918ea9818255cb935bcb673c95a758a1 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d WHIRLPOOL a02ed77422c47d9e476f8746186d19d632ddb953635d8d9dd51ff076225a78044286ee7e114478bc02e4b2a422e4fdc207154fc287629dd2cd7c3f9a634dad18
 DIST ngx_http_upload_progress-0.9.1-r1.tar.gz 17166 SHA256 99ec072cca35cd7791e77c40a8ded41a7a8c1111e057be26e55fba2fdf105f43 SHA512 6c1e3776402b6e2cda50d9c48c4b578a85feffe15891c075443f6d9c7b9e2414e0614b50a8f417ddda9faf5f719957c77ade519c88b48caec970fc51fe12f0d1 WHIRLPOOL 12970d0f75ee3f0d8a97c4948b97fca2bd707a93e4e578c0e2ac0d18991986e620dd6b15c2ab5680ff726c0490671e3bc5e1ee6109baf81877d8baa6a5357825
 DIST ngx_http_upstream_check-0.3.0-10-g10782ea.tar.gz 128297 SHA256 a5003e86908086f8607e76cfc01a56d56654982ab02cec918278c261ff1e8363 SHA512 2407d4375d8b94a808eb9e423615af700537b28fc88d37e790fb2a5ecdb02da94e7d1e271a6a81e8a55f8ce11e7db80fdd6de7feca08469dfaa26d717a1075a3 WHIRLPOOL 6b428940a07a7c18ba19cba07f43f1661484905a025f80fcb44908aeaeab9c8e854d3e104fe0339087a2e9029ad4722366c7d0a0fca7c73d92ece6ff2e494206
 DIST ngx_http_upstream_check-0.3.0.tar.gz 136542 SHA256 c543bf427b38643c10dcd1a0c701392bc666708313e7b63f9272396a6cc9a461 SHA512 ca19e8bcae218c639ff59e8f743bd2fb78de2c1f33dfb0de7b7b5ce82ae7ef04488255715e3e0311ebbc8c9741726573ac532cb269052925b0935f349414e959 WHIRLPOOL acee2ea955f87844a724815fc78d0296f23e9d6726551febd6bbff563625e8eadd04213394b6029c45b6036138c4f8957b2621f1b033a6177410fa7778176749
-DIST ngx_memc_module-0.16.tar.gz 38560 SHA256 24f3c3270831aed2d157c01ef74cb26eab26b832971fe7b9f42a03dbfac10ce4 SHA512 e48a864ac9ae627e840b189f33157aa3a1c0966d2bcffd1f93030b0e6f5962355c004737cae0a5a00f2a1cbcb201369c37053f0823bb601618d18ef87561e353 WHIRLPOOL c53decff852790758b3b92ca1d207a5b99b592e708271411699d70dd9683d7f551b469e057f480f66adfdffa1cb1b91b9c7e031835311ac0b6bfab0f444852f9
 DIST ngx_memc_module-0.17.tar.gz 36369 SHA256 25cbe3ff4931283a681260607bc91ae4a922075345d5770b293c6cd7f1e3bdcc SHA512 e6fdecb4bb629f0882868b78f4b3a2549fce4471efcc4f2c6fdc414435799be6ce41cf056a3170952f8a1f401ee1ca372c97f2d7f79fba79239599755ade8949 WHIRLPOOL 766d84e7a2dfb2a6f069fd846e19d635f4dbd36f78014e97bbd159312d0b38d671b4db989584ca2b5b449046483b5b90d09edbe1c4531b266d8592ad7bad3c3a
 DIST ngx_metrics-0.1.1.tar.gz 2964 SHA256 1c62ebb31e3caafad91720962770b0e7a4287f195520cf12471c262ac19b154e SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e WHIRLPOOL 2796f5a97e76dfcc91133240e8e90ba493f0356f781a173d8cacdd09eba64b75ef531db398c0566fda395124700de8c991b771433e376ca0d5898c2ea6f82868
 DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 SHA256 7ac230d30907f013dff8d435a118619ea6168aa3714dba62c6962d350c6295ae SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1 WHIRLPOOL 64c9b11ad938e6dbe5ba31298f1cd46f6e6bb4ba039c96b1e43bd85919d1606326f74b677f789ecabe0b0f4e0f08ac5aaf8148bf820de65aaa1e9966a28b9f61

diff --git a/www-servers/nginx/nginx-1.10.0.ebuild b/www-servers/nginx/nginx-1.10.0.ebuild
deleted file mode 100644
index 43a0eac..0000000
--- a/www-servers/nginx/nginx-1.10.0.ebuild
+++ /dev/null
@@ -1,761 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=6
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.29"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.6"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.2"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-g10782ea"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-10782eaff51872a8f44e65eed89bbe286004bcb1"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.54"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.58"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.16"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="dbcef31bebb2d54b6120422d0b178bbf78bc48f7"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-
-inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
-	rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM="access limit_conn upstream"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_ajp
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( >=dev-libs/libpcre-4.2 )
-	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
-	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:mainline"
-DEPEND="${CDEPEND}
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_ajp; then
-		eerror "The AJP module currently doesn't build for nginx >1.8."
-		eerror "It will be reintroduced with the 1.9 series when proven stable."
-		eerror "Either disable it or stick with nginx 1.7.x."
-		die "AJP module not supported"
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}/check_1.9.2+".patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}"
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-		./configure \
-			--enable-standalone-module \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-	fi
-
-	cd "${S}"
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use ipv6      && myconf+=( --with-ipv6 )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			# Treat stream upstream slightly differently
-			if ! use nginx_modules_stream_upstream; then
-				myconf+=( --without-stream_upstream_hash_module )
-				myconf+=( --without-stream_upstream_least_conn_module )
-				myconf+=( --without-stream_upstream_zone_module )
-			else
-				myconf+=( --without-stream_${mod}_module )
-			fi
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN}" "--group=${PN} )
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r3 nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 /var/log/nginx ${keepdir_list}
-	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
-	# existing installations
-	local fix_perms=0
-
-	for rv in ${REPLACING_VERSIONS} ; do
-		version_compare ${rv} 1.4.1-r2
-		[[ $? -eq 1 ]] && fix_perms=1
-	done
-
-	if [[ $fix_perms -eq 1 ]] ; then
-		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
-		ewarn "directories the world-readable bit removed (if set):"
-		ewarn "  ${EPREFIX}/var/log/nginx"
-		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-		ewarn "Check if this is correct for your setup before restarting nginx!"
-		ewarn "This is a one-time change and will not happen on subsequent updates."
-		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
-		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
-	fi
-
-	# If the nginx user can't change into or read the dir, display a warning.
-	# If su is not available we display the warning nevertheless since we can't check properly
-	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
-	if [ $? -ne 0 ] ; then
-		ewarn "Please make sure that the nginx user or group has at least"
-		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
-		ewarn "Otherwise you end up with empty log files after a logrotate."
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.9.15.ebuild b/www-servers/nginx/nginx-1.9.15.ebuild
deleted file mode 100644
index 1196931..0000000
--- a/www-servers/nginx/nginx-1.9.15.ebuild
+++ /dev/null
@@ -1,761 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=6
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.2.19"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.29"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.3.6"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.2"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.54"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/agentzh/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.58"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/agentzh/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.1"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.16"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="8517bb05ecc896b54429ca5e95137b0a386bd41a"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-
-inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
-	rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM="access limit_conn upstream"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_ajp
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( >=dev-libs/libpcre-4.2 )
-	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
-	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_ajp; then
-		eerror "The AJP module currently doesn't build for nginx >1.8."
-		eerror "It will be reintroduced with the 1.9 series when proven stable."
-		eerror "Either disable it or stick with nginx 1.7.x."
-		die "AJP module not supported"
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${FILESDIR}/check-1.9.2".patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}"
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-		./configure \
-			--enable-standalone-module \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-	fi
-
-	cd "${S}"
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use ipv6      && myconf+=( --with-ipv6 )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			# Treat stream upstream slightly differently
-			if ! use nginx_modules_stream_upstream; then
-				myconf+=( --without-stream_upstream_hash_module )
-				myconf+=( --without-stream_upstream_least_conn_module )
-				myconf+=( --without-stream_upstream_zone_module )
-			else
-				myconf+=( --without-stream_${stream}_module )
-			fi
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN}" "--group=${PN} )
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r2 nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 /var/log/nginx ${keepdir_list}
-	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/{README.markdown,doc/HttpEchoModule.wiki}
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
-	# existing installations
-	local fix_perms=0
-
-	for rv in ${REPLACING_VERSIONS} ; do
-		version_compare ${rv} 1.4.1-r2
-		[[ $? -eq 1 ]] && fix_perms=1
-	done
-
-	if [[ $fix_perms -eq 1 ]] ; then
-		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
-		ewarn "directories the world-readable bit removed (if set):"
-		ewarn "  ${EPREFIX}/var/log/nginx"
-		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-		ewarn "Check if this is correct for your setup before restarting nginx!"
-		ewarn "This is a one-time change and will not happen on subsequent updates."
-		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
-		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
-	fi
-
-	# If the nginx user can't change into or read the dir, display a warning.
-	# If su is not available we display the warning nevertheless since we can't check properly
-	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
-	if [ $? -ne 0 ] ; then
-		ewarn "Please make sure that the nginx user or group has at least"
-		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
-		ewarn "Otherwise you end up with empty log files after a logrotate."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Kristian Fiskerstrand]

commit:     9d8b4adb72f5912b8c121bdda6ffee72e08926d7
Author:     Thomas Deutschmann <whissi <AT> whissi <DOT> de>
AuthorDate: Sat Jun 11 15:14:07 2016 +0000
Commit:     Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
CommitDate: Sat Jun 11 15:48:05 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9d8b4adb

www-servers/nginx: Version bump

Gentoo-Bug: 584212
Gentoo-Bug: 584744

Package-Manager: portage-2.3.0_rc1

 www-servers/nginx/Manifest            |   8 +
 www-servers/nginx/nginx-1.10.1.ebuild | 754 ++++++++++++++++++++++++++++++++++
 www-servers/nginx/nginx-1.11.1.ebuild | 754 ++++++++++++++++++++++++++++++++++
 3 files changed, 1516 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 8f597c4..aea8b5f 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,8 @@
 DIST modsecurity-2.9.0.tar.gz 4246467 SHA256 e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434 SHA512 1af04f29bf23c51d03cdd3795c530f88b523a645aa02d776a6b23dcbc31decec7cd574919e5c7c7cf82684df2774062de5e465bddbbaf4c01a442c6d49401d3d WHIRLPOOL 1167ba6048a3ca05dcdabf03c67ae12720cca0cec74547fc223ee92ff76b6d5131785fa77b5f16da180e56590c851c192eaf02817b798e4d6f41fa6bfb2735a6
 DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc1801efce0cda797d6029d44080a9b24 SHA512 374733cbfc26e53d95b78c8f268a4e465d838163e9893fc24e33a9d272b114f1b287147bab6d0289575074cbbd94f48983e23fa59832cbcb32950046cea59269 WHIRLPOOL 5f41bebf032f8a269412d104b7632a06af4d4c495658c9cd1ebf69b82c10ce1bbcb34b9dd159a7b00e57348714a5e93ad3db19701dda51479accd3a9dc79a9cb
 DIST nginx-1.10.0.tar.gz 908954 SHA256 8ed647c3dd65bc4ced03b0e0f6bf9e633eff6b01bac772bcf97077d58bc2be4d SHA512 495da729ce6de935399c2bf7fc0c2cd112197d9dba6d8604f639d5815cbb8bb3ff70e994f942785481e064cc1df97211f886297ee72519b332a7197999d9f14e WHIRLPOOL 889e723f635909d1b562663ed46b27edac83b63143c10c2c53e70dc6dccf3a378f8fef3f2f19641879dc9f812880b4f51ef0d438d80ede395ffda38987b13dd3
+DIST nginx-1.10.1.tar.gz 909077 SHA256 1fd35846566485e03c0e318989561c135c598323ff349c503a6c14826487a801 SHA512 fa1329d40e83340380332dd5e2ed66f08dd59cc7f7582dd0e0193c493353ba550e80dc80e5165c225d70532d4197abc49cc8c760e8ab72e48f630cb57c2803e1 WHIRLPOOL 6942f70c3279a28bd8d664d085dee68bf0d0526c8dcb636f3258c9de598268efc984af72e527efd86889bd13911b38b0bdb2de1e92eef69cabd02f7080f64eb6
+DIST nginx-1.11.1.tar.gz 913417 SHA256 5d8dd0197e3ffeb427729c045382182fb28db8e045c635221b2e0e6722821ad0 SHA512 01330a5200b9b5ac5788cd95b2857d2ff87bf0a073a93e3e441b89d19f12137b496e6de67145c04cc74ba88d599a7be96d622f29785e30df23fc8a657adf8b2a WHIRLPOOL e902d408f45eb9168db5a5220275896a072419660505eb45816280f1a2d2150593262d601583d2c34b521fae560fdd237e6609e85bf03a30b7721c10299a207e
 DIST nginx-1.8.1.tar.gz 833473 SHA256 8f4b3c630966c044ec72715754334d1fdf741caa1d5795fb4646c27d09f797b7 SHA512 546eba1749af0034cb8b924d2432be2f0e82a75c545aa929391ef7234103c3f29376235a2ef1363b120e1825cda15aeb085a05f9ce3596c88466e112e82aa882 WHIRLPOOL cd399083fb14bdb3498f1cd91a1cb59a73d37f323ce7c2a32500c9443f654cb5449137708cf149a0126aedb77abec9d1eb3dce3121f0b378d7d70e8eb18062af
 DIST nginx-1.9.15.tar.gz 908984 SHA256 cc89b277cc03f403c0b746d60aa5943cdecf59ae48278f8cb7e2df0cbdb6dac3 SHA512 563cec7828d1e398ded83579c3c4afcd83fd809662e64a0212e25a34ce1b599135558e9fd8cee3e07ba028ee4b308e40ce9910a5071a3d8e3b7ec9f9bdef95f0 WHIRLPOOL b87dd96b1fa34824fb6ca16da39d72cf6036f6276766ef420c3be8ceac8e8639ff74e842c1ffd5f8f2dd03d7c411197a05049c1673dc70862cee662b494da88f
 DIST nginx-auth-ldap-8517bb05ecc896b54429ca5e95137b0a386bd41a.tar.gz 16950 SHA256 2f0b1a65847ea1da801a99b654f132e1c814d2fa49a43a324d8fc4ce6327935f SHA512 65b0aec3a4b28625ef93d166f659d63b9ef7d971dea78b09987eaa02f632bf5b8f6c9afdb6ef444afa466dba7ff67180cad27e138e6818c2ba80bc804f140ca6 WHIRLPOOL 9ef896fa3501415e2c7022448783626af256c6c3878fcca5d6cc042a9789937147eb4c3743f92002ab8d09e4ce828532b9ae321dc284ef2560801da98153d146
@@ -8,17 +10,22 @@ DIST nginx-auth-ldap-dbcef31bebb2d54b6120422d0b178bbf78bc48f7.tar.gz 16998 SHA25
 DIST nginx_http_sticky_module_ng-1.2.5.tar.bz2 124072 SHA256 f975c033eb3c342f7247f6524774bbb727aaf630ed984576dbafe5de7a790c58 SHA512 d6ae723f739efb2f0548461931b1c395801684759962beda08067111426b1c9787ceaede91b0e984c023108fd17864c53c53925506f7e8e25ec8d2fc065585f6 WHIRLPOOL 1013c6a51f5989c8131392b3d9704d42c99f9727a673f6205878d0b7dfd265bb6042c1d30089603c9b38e339d48302e6873e77fe380b7e8edba25b71e9e84ba6
 DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb
 DIST ngx_devel_kit-0.2.19-r1.tar.gz 65029 SHA256 501f299abdb81b992a980bda182e5de5a4b2b3e275fbf72ee34dd7ae84c4b679 SHA512 915954acf16a27fbd3c93c154012d38e864f1d8dfd51cde401bba26e46eb3e3c778ec4c92f4f8ed83ac001e96cee72765554d0e4da06acf6a4be5184b23b3657 WHIRLPOOL 0ce6bffc0fe2cef28ee74f5862ca6d914ed18fdee18d900608ff2a9983594c707aab3e335957b79dd7e77ae1beed054d8f71965ca0f57fc5f1d41ac06106c5a4
+DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 SHA256 88e05a99a8a7419066f5ae75966fb1efc409bad4522d14986da074554ae61619 SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 WHIRLPOOL 5f6ed4e6850d2ce7e8c65e0570a7e2c74a1fe360e167644ed405fff682ab178b09c722c99c1df9af552fb816219b9fc04dcdf638b3e4af68c688434cdb33aa59
 DIST ngx_http_auth_pam-1.4.tar.gz 6502 SHA256 095742c5bcb86f2431e215db785bdeb238d594f085a0ac00d16125876a157409 SHA512 8d60347c666736ef39161b287ad32820ad6be4695f1c0f27a000d46bfc7e26c95233247d39cf37296518a6329ba73f06756d0b0b68157b0e5f67796f73264db3 WHIRLPOOL 2f0e60366cf43727c9b3aa07d2cb803a997cb9a4f48ba28e575f470bbb7c28115f41d390e306219ad130501a62e204d403bbca5ee784628fbca35b407f51702c
 DIST ngx_http_auth_pam-1.5.1.tar.gz 6863 SHA256 77676842919134af88a7b4bfca4470223e3a00d287d17c0dbdc9a114a685b6e7 SHA512 973b94874d8a58c0df0ac2d31571eafc1e80b11179cba33ec88421a826207fbf7e99b0387e135a1ca48d82daacb78f19a4c21d3a27b49b16dc86b4748bb72261 WHIRLPOOL 4fcaadee859f325c734aa16763702ee40284d1debcfbf5df1cb9aadf2bfc72c1e8d0e5b9d1495f34fc719f4d7fa3e653797fa7917f8fd0437fa2023a1930f667
 DIST ngx_http_cache_purge-2.3.tar.gz 12248 SHA256 279e0d8a46d3b1521fd43b3f78bc1c08b263899142a7cc5058c1c0361a92c89c SHA512 50a31dbf2216a6fae74a186af56dec4600cf55777e76a10ac0075f609e7737135aab063a64f2590dddcd0369ebebd4a523027f3d9ebcca74f7b4355be1c5dcc0 WHIRLPOOL 5451ef3e33044210453995ea916acec679599c0ded5471d464db5003a07e7a06e9690812091148c2af7b50384e52b32e49136eac02e0330724ba2408d893f96c
 DIST ngx_http_dav_ext-0.0.3.tar.gz 6260 SHA256 d428a0236c933779cb40ac8c91afb19d5c25a376dc3caab825bfd543e1ee530d SHA512 4763b1c5e417248d80acfacf20bfc5ba3e06675ff08e37703867daef99a400980b536941e4955c259432905bd11ab998bc2e2489a50350413c7bf37e18eafb74 WHIRLPOOL 5adbcea768fbb179249a03fe69304505ec09a1dafac848dd5e3cde96693c6fbcf6cf6c128ca116d02b36c1be0008807d9e86fee5b411e137b18b15a60291f29b
 DIST ngx_http_echo-0.57.tar.gz 65073 SHA256 8467237ca0fae74ca7a32fbd34fc6044df307098415d48068214c9c235695a07 SHA512 c89780eca9267c9984a022a4dbd9ebf603dbd5c323bfea5ea7898ca9fc0a744388ce7520e7a9799aeabd6573f8e71ee595fe9998fa54e5d5c412b21031edd31d WHIRLPOOL e481b6f57a6ff48706fa7e281f31f15a5522c29b98620559cebe8412207d5595497cdce9156e7762cceff6369e9f678d5a81bf3c83fb2e8c5d8786622f1c27b8
 DIST ngx_http_echo-0.58.tar.gz 64779 SHA256 190fe3977dd1910e82059f30f9baae3da2ee6e6fb50f18c9bc2605a19dbb9626 SHA512 03bca117b2a7f9fa78450d24b2a25fcf19528a37d842dbd740e9ccf0f3ad6652d9927757f1317441438ec1e474211e2b4c84829015a51c5e25ca9f2dbd3809a0 WHIRLPOOL 0c3623f881cd127d1f3450f6e46456d98501d9d21f5292ec6bae877fa3020adbaae2dbb83f105c8c7eb0273fedd927753238d2399385721167680200c8b51a15
+DIST ngx_http_echo-0.59.tar.gz 52703 SHA256 9b319ad7836202883128d2b9c24ed818082541df57ef7f2065b7557085c603cd SHA512 803c431da00160f62ee98e126d244fb97b2d9dca08137daabf55504f012598f8e2c689841c2e8bfced5f07ce24c46933c49b3feffc09ca0b5f07dc10e34546ee WHIRLPOOL a709ded0dd1af2b6c1c5da6f065834ab7715eb736f36018acf06c2c10389bf896dc4459acbbb479340b9da6f287143cd25fca7df503acea457cf0933ba67e9a1
 DIST ngx_http_fancyindex-0.3.5.tar.gz 14837 SHA256 e0998e83be58bc5787fa9243a76a9d21de3cd01088d3cf63177ba88a562634a1 SHA512 ddb4ab3e8e47e1c49680db3e9f648f7cd582c07f963204105118e61432fa1e80c3f1bce69ed689db383011a9c155184bcc7e931eeae20bbd7cbdb5d4eb35a0a8 WHIRLPOOL a45db854d75f05a59c6f5e67c652850b5410162e7852abda20bb6720d29cc716f25ce7ea93ef52f9ff3f11d6d3a744c1fa4c7a6270fc1bd6d42f6743accb8e73
 DIST ngx_http_fancyindex-0.3.6.tar.gz 17252 SHA256 e73f1f0444f8c53601b51da8684b174c5ffd3b4ed6eb7956dd57f8b95485b68f SHA512 ca2de16eef7d5e94104f44f180ebd98674c5799409d70d95fd6359512861efaa95d5242a9eb661363bcc5110032965f326e735a2b8fcfaaf29381023fd11a76e WHIRLPOOL 68c089a11a39685e3cb934c12daf12bd4c7176da6d17a26d4ec18f5bb44c480695e622c732925255c10af4bf819aa52da0dcf457ca40bffdc8a6673a10440823
+DIST ngx_http_fancyindex-0.4.0.tar.gz 18419 SHA256 152cc2cf082c23cbc7b0fc76f14af4015d3988783016dc9145edebec17c7e230 SHA512 47fd9f405475f96958eb255f9051a9bde1ad8b515356bbaff8f8034ee34ecc17e3574c1d104496c5069c8986e047ca0de386f1b7d2f7317f15be98d69e74b624 WHIRLPOOL 4972eea9f6b8373b4bbcf73c66fe3dc635bc6326f264febc9a5a0fc620d44f1a3d1f98c91c1d2acb6779729a1e188c1f4a8750972266d1e463658529d37fa596
 DIST ngx_http_headers_more-0.26.tar.gz 28028 SHA256 d6bdc51f9e778a3b23e41a51cae542c1467a1e5e55c1329a7ffc454be084fb6f SHA512 842927de67d28f3cff596607f209d1004b6d49f1d45b861758405ed6fe6f7aab76ad63530ccdfff1c1947db1190dd65dee0a29f50026bfa7a39a9a051561cf88 WHIRLPOOL 0dc37c36717be40a07112388d913d20bc99d76f90604da618d5547f24d93c636c14c2cca18191ff5916b40ec0113da648cfc07e1c00b1853f2b15ce056d5f3d7
 DIST ngx_http_headers_more-0.29.tar.gz 27144 SHA256 0a5f3003b5851373b03c542723eb5e7da44a01bf4c4c5f20b4de53f355a28d33 SHA512 50a45922f8d2d54fca345bf47df71035362a6868b86872528f2414386c15cdcdb5466ea2c0b7c7303dc85084f94ee05e7411da8836cde3cd549c576431c7ef14 WHIRLPOOL bfc3261b6b0a4add707069383ae1241b2bad02099c86985b87cdc595a49eb3eea0c5295d912f536c01110f7954f6738870ad72f1230a202824b5bc00293c7ddd
+DIST ngx_http_headers_more-0.30.tar.gz 27793 SHA256 2aad309a9313c21c7c06ee4e71a39c99d4d829e31c8b3e7d76f8c964ea8047f5 SHA512 378f2c4b4fbf580e59c8ad3ef5fcb617e4669b7b506a0ae87e4e0bc920d34e16fe55565e48dd57e7b6c37ae8b407646ca64f5d84a2fbbe2d41d719c7643c1a82 WHIRLPOOL f50bb5c2e23fb63d98904163a873edf947f65e57dc0f73489024243c1d5b04e0677015a075d315585e535e226b8dad659bada563778b8ddf4d060e918fc37ace
 DIST ngx_http_lua-0.10.2.tar.gz 575525 SHA256 155feeff08a0b2efaf980705b9ef83d0b341e6d011adad8e2679ea4105668134 SHA512 33ad538f0f63aae91b691ceda593899881b3ac0ea48da6814724d9bfe3d74b323ac5f3b8bc2fa03116c5cd1045e2a12db4e9bf96c8172a96ec1c6cd0b30199fa WHIRLPOOL 6450f144fcae55756b1c2f879cf68a1d2369475ece910951c54e10cd7c4ef266ead56397cef5c4d6c4963f5c11124af635daa415af05524703ff96b9ff5edcfb
+DIST ngx_http_lua-0.10.5.tar.gz 579793 SHA256 4f0292c37ab3d7cb980c994825040be1bda2c769cbd800e79c43eb37458347d4 SHA512 a02b8614fdcd063b1087a3114f05402c707343ff3bceabaca1fb98531ba30edea1a525fc45e2f5a49ff155de8d6f9e1155e8870e463476da5703acfd5f8fc3fc WHIRLPOOL 9c72353bc58a98fd3bae68bd9b13228d202167422a429aa4b455f7e280cb617b5c083131e4f372708e602342b24b150437ed8ebae9647a397bae8a88a13b385c
 DIST ngx_http_lua-0.9.15.tar.gz 520190 SHA256 659fe4c201f4a4ae1007fa029cef472aaa837bf0904babb6158f83b86536c5b7 SHA512 1d809f873ced8e50422298bb4b730b8e7aaf442c11570cbe892fd73a414ff4f6d6eca7be8b2d2dbf57a136136b17d80596ee2f2f195dcb59776e78df5a94ae92 WHIRLPOOL caf128254f99d674eb370779c6e41c0b459be1c5a2baac7df1ff3498a38349bd2c140594eea3eb29c468a366e265421f90363886be73db0b3484cc6f386cb563
 DIST ngx_http_naxsi-0.53-2.tar.gz 165690 SHA256 3eadff1d91995beae41b92733ade28091c2075a24ae37058f4d6aa90b0f4b660 SHA512 ada592f5e7f80a6d549cc435ee8720df01a788dc88cf27a7d55521bb7e4c66fa11b9ec28216aff7e13c70a5faf12cb745bd398b8a782ed4dea1eecd04b07e24c WHIRLPOOL c5b736dbe9bd66daf7e023f176a08f78225b61990781d7ad5a55d0f35391df7e05bf1b2623a6227e0355cf0204ef9eac1b9fa03aa62b3c0d6eac515f1213f270
 DIST ngx_http_naxsi-0.54.tar.gz 163809 SHA256 9cc2c09405bc71f78ef26a8b6d70afcea3fccbe8125df70cb0cfc480133daba5 SHA512 91934bfd41495715269cc6e549d17f6da66f2bdd0c9a6821fa9096b694dd3927109c4aad2f8b327620ae7c34f76a0839ac16669cd8c65081bc01fa7f829c1d43 WHIRLPOOL ef68cfecc9849086527c3590744d3c0d73cec830c6cf1ebca63566a7444438757a85d0c79fa552c4763e0416a615f4cf8d99622e2f36d3713b7072138a82f5a8
@@ -30,6 +37,7 @@ DIST ngx_http_upload_progress-0.9.1-r1.tar.gz 17166 SHA256 99ec072cca35cd7791e77
 DIST ngx_http_upstream_check-0.3.0-10-g10782ea.tar.gz 128297 SHA256 a5003e86908086f8607e76cfc01a56d56654982ab02cec918278c261ff1e8363 SHA512 2407d4375d8b94a808eb9e423615af700537b28fc88d37e790fb2a5ecdb02da94e7d1e271a6a81e8a55f8ce11e7db80fdd6de7feca08469dfaa26d717a1075a3 WHIRLPOOL 6b428940a07a7c18ba19cba07f43f1661484905a025f80fcb44908aeaeab9c8e854d3e104fe0339087a2e9029ad4722366c7d0a0fca7c73d92ece6ff2e494206
 DIST ngx_http_upstream_check-0.3.0.tar.gz 136542 SHA256 c543bf427b38643c10dcd1a0c701392bc666708313e7b63f9272396a6cc9a461 SHA512 ca19e8bcae218c639ff59e8f743bd2fb78de2c1f33dfb0de7b7b5ce82ae7ef04488255715e3e0311ebbc8c9741726573ac532cb269052925b0935f349414e959 WHIRLPOOL acee2ea955f87844a724815fc78d0296f23e9d6726551febd6bbff563625e8eadd04213394b6029c45b6036138c4f8957b2621f1b033a6177410fa7778176749
 DIST ngx_memc_module-0.16.tar.gz 38560 SHA256 24f3c3270831aed2d157c01ef74cb26eab26b832971fe7b9f42a03dbfac10ce4 SHA512 e48a864ac9ae627e840b189f33157aa3a1c0966d2bcffd1f93030b0e6f5962355c004737cae0a5a00f2a1cbcb201369c37053f0823bb601618d18ef87561e353 WHIRLPOOL c53decff852790758b3b92ca1d207a5b99b592e708271411699d70dd9683d7f551b469e057f480f66adfdffa1cb1b91b9c7e031835311ac0b6bfab0f444852f9
+DIST ngx_memc_module-0.17.tar.gz 36369 SHA256 25cbe3ff4931283a681260607bc91ae4a922075345d5770b293c6cd7f1e3bdcc SHA512 e6fdecb4bb629f0882868b78f4b3a2549fce4471efcc4f2c6fdc414435799be6ce41cf056a3170952f8a1f401ee1ca372c97f2d7f79fba79239599755ade8949 WHIRLPOOL 766d84e7a2dfb2a6f069fd846e19d635f4dbd36f78014e97bbd159312d0b38d671b4db989584ca2b5b449046483b5b90d09edbe1c4531b266d8592ad7bad3c3a
 DIST ngx_metrics-0.1.1.tar.gz 2964 SHA256 1c62ebb31e3caafad91720962770b0e7a4287f195520cf12471c262ac19b154e SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e WHIRLPOOL 2796f5a97e76dfcc91133240e8e90ba493f0356f781a173d8cacdd09eba64b75ef531db398c0566fda395124700de8c991b771433e376ca0d5898c2ea6f82868
 DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 SHA256 7ac230d30907f013dff8d435a118619ea6168aa3714dba62c6962d350c6295ae SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1 WHIRLPOOL 64c9b11ad938e6dbe5ba31298f1cd46f6e6bb4ba039c96b1e43bd85919d1606326f74b677f789ecabe0b0f4e0f08ac5aaf8148bf820de65aaa1e9966a28b9f61
 DIST ngx_rtmp-1.1.7.tar.gz 519735 SHA256 7922b0e3d5f3d9c4b275e4908cfb8f5fb1bfb3ac2df77f4c262cda56df21aab3 SHA512 9883462a04683f1e7af175da04b86d259ff6d677864667588fb073143f7130969eb2a5a5a48ddceda7a555b908580f179bdcacb7f0111413d51db5bfe43b396e WHIRLPOOL e9c1fc9c3c965ae7047657f76e0997d5da107aff7dd9e5cf3ddb5a2d8f388efd8439b82923e199dc36def449567b8529e06c80f69c36f42128236ac0be5719d5

diff --git a/www-servers/nginx/nginx-1.10.1.ebuild b/www-servers/nginx/nginx-1.10.1.ebuild
new file mode 100644
index 0000000..94c82d7
--- /dev/null
+++ b/www-servers/nginx/nginx-1.10.1.ebuild
@@ -0,0 +1,754 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.30"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.0"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.5"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-g10782ea"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-10782eaff51872a8f44e65eed89bbe286004bcb1"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.54"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.7"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.59"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.17"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="dbcef31bebb2d54b6120422d0b178bbf78bc48f7"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+
+inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+	rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM="access limit_conn upstream"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_ajp
+	http_mogilefs
+	http_memc
+	http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( >=dev-libs/libpcre-4.2 )
+	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}/check_1.9.2+".patch
+	fi
+
+	if use nginx_modules_http_lua; then
+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}"
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+		./configure \
+			--enable-standalone-module \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+	fi
+
+	cd "${S}"
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use ipv6      && myconf+=( --with-ipv6 )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			# Treat stream upstream slightly differently
+			if ! use nginx_modules_stream_upstream; then
+				myconf+=( --without-stream_upstream_hash_module )
+				myconf+=( --without-stream_upstream_least_conn_module )
+				myconf+=( --without-stream_upstream_zone_module )
+			else
+				myconf+=( --without-stream_${mod}_module )
+			fi
+		fi
+	done
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN}" "--group=${PN} )
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r3 nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 /var/log/nginx ${keepdir_list}
+	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+	# existing installations
+	local fix_perms=0
+
+	for rv in ${REPLACING_VERSIONS} ; do
+		version_compare ${rv} 1.4.1-r2
+		[[ $? -eq 1 ]] && fix_perms=1
+	done
+
+	if [[ $fix_perms -eq 1 ]] ; then
+		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+		ewarn "directories the world-readable bit removed (if set):"
+		ewarn "  ${EPREFIX}/var/log/nginx"
+		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+		ewarn "Check if this is correct for your setup before restarting nginx!"
+		ewarn "This is a one-time change and will not happen on subsequent updates."
+		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+	fi
+
+	# If the nginx user can't change into or read the dir, display a warning.
+	# If su is not available we display the warning nevertheless since we can't check properly
+	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+	if [ $? -ne 0 ] ; then
+		ewarn "Please make sure that the nginx user or group has at least"
+		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+		ewarn "Otherwise you end up with empty log files after a logrotate."
+	fi
+}

diff --git a/www-servers/nginx/nginx-1.11.1.ebuild b/www-servers/nginx/nginx-1.11.1.ebuild
new file mode 100644
index 0000000..5b4e977
--- /dev/null
+++ b/www-servers/nginx/nginx-1.11.1.ebuild
@@ -0,0 +1,754 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.30"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.0"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.5"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-g10782ea"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-10782eaff51872a8f44e65eed89bbe286004bcb1"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.54"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.7"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.59"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.17"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="dbcef31bebb2d54b6120422d0b178bbf78bc48f7"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+
+inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+	rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM="access limit_conn upstream"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_ajp
+	http_mogilefs
+	http_memc
+	http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( >=dev-libs/libpcre-4.2 )
+	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}/check_1.9.2+".patch
+	fi
+
+	if use nginx_modules_http_lua; then
+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}"
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+		./configure \
+			--enable-standalone-module \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+	fi
+
+	cd "${S}"
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use ipv6      && myconf+=( --with-ipv6 )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			# Treat stream upstream slightly differently
+			if ! use nginx_modules_stream_upstream; then
+				myconf+=( --without-stream_upstream_hash_module )
+				myconf+=( --without-stream_upstream_least_conn_module )
+				myconf+=( --without-stream_upstream_zone_module )
+			else
+				myconf+=( --without-stream_${mod}_module )
+			fi
+		fi
+	done
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN}" "--group=${PN} )
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r3 nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 /var/log/nginx ${keepdir_list}
+	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+	# existing installations
+	local fix_perms=0
+
+	for rv in ${REPLACING_VERSIONS} ; do
+		version_compare ${rv} 1.4.1-r2
+		[[ $? -eq 1 ]] && fix_perms=1
+	done
+
+	if [[ $fix_perms -eq 1 ]] ; then
+		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+		ewarn "directories the world-readable bit removed (if set):"
+		ewarn "  ${EPREFIX}/var/log/nginx"
+		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+		ewarn "Check if this is correct for your setup before restarting nginx!"
+		ewarn "This is a one-time change and will not happen on subsequent updates."
+		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+	fi
+
+	# If the nginx user can't change into or read the dir, display a warning.
+	# If su is not available we display the warning nevertheless since we can't check properly
+	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+	if [ $? -ne 0 ] ; then
+		ewarn "Please make sure that the nginx user or group has at least"
+		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+		ewarn "Otherwise you end up with empty log files after a logrotate."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Agostino Sarubbo]

commit:     5966cca7ae7c43ecca6b2596ce7a2f2223e2153a
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 13 12:25:59 2016 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Mon Jun 13 12:25:59 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5966cca7

www-servers/nginx: amd64 stable wrt bug #584744

Package-Manager: portage-2.2.28
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 www-servers/nginx/nginx-1.10.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www-servers/nginx/nginx-1.10.1.ebuild b/www-servers/nginx/nginx-1.10.1.ebuild
index 94c82d7..a592a09 100644
--- a/www-servers/nginx/nginx-1.10.1.ebuild
+++ b/www-servers/nginx/nginx-1.10.1.ebuild
@@ -172,7 +172,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
 	nginx_modules_http_push_stream? ( GPL-3 )"
 
 SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
 
 NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
 	fastcgi geo gzip limit_req limit_conn map memcached proxy referer

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Agostino Sarubbo]

commit:     6c84185b7d5bcc3958fd88e37386e02848632eae
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 13 12:26:48 2016 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Mon Jun 13 12:26:48 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6c84185b

www-servers/nginx: x86 stable wrt bug #584744

Package-Manager: portage-2.2.28
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 www-servers/nginx/nginx-1.10.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www-servers/nginx/nginx-1.10.1.ebuild b/www-servers/nginx/nginx-1.10.1.ebuild
index a592a09..55ec9b2 100644
--- a/www-servers/nginx/nginx-1.10.1.ebuild
+++ b/www-servers/nginx/nginx-1.10.1.ebuild
@@ -172,7 +172,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
 	nginx_modules_http_push_stream? ( GPL-3 )"
 
 SLOT="0"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc x86 ~x86-fbsd ~amd64-linux ~x86-linux"
 
 NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
 	fastcgi geo gzip limit_req limit_conn map memcached proxy referer

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Lars Wendler]

commit:     3f6a2bd81eb91481c2ccc0914773410e97c02e0d
Author:     Thomas Deutschmann <whissi <AT> whissi <DOT> de>
AuthorDate: Tue Jul 19 23:55:30 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Jul 26 09:51:25 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3f6a2bd8

www-servers/nginx: Fix user/group configure argument (bug #588000)

Bug: https://bugs.gentoo.org/588000

Package-Manager: portage-2.3.0
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 www-servers/nginx/nginx-1.10.1-r1.ebuild | 3 ++-
 www-servers/nginx/nginx-1.11.2.ebuild    | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/www-servers/nginx/nginx-1.10.1-r1.ebuild b/www-servers/nginx/nginx-1.10.1-r1.ebuild
index 5912230..3c59016 100644
--- a/www-servers/nginx/nginx-1.10.1-r1.ebuild
+++ b/www-servers/nginx/nginx-1.10.1-r1.ebuild
@@ -554,7 +554,8 @@ src_configure() {
 	tc-export CC
 
 	if ! use prefix; then
-		myconf+=( --user=${PN}" "--group=${PN} )
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
 	fi
 
 	./configure \

diff --git a/www-servers/nginx/nginx-1.11.2.ebuild b/www-servers/nginx/nginx-1.11.2.ebuild
index 0a7e068..471bfe0 100644
--- a/www-servers/nginx/nginx-1.11.2.ebuild
+++ b/www-servers/nginx/nginx-1.11.2.ebuild
@@ -560,7 +560,8 @@ src_configure() {
 	tc-export CC
 
 	if ! use prefix; then
-		myconf+=( --user=${PN}" "--group=${PN} )
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
 	fi
 
 	./configure \

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Lars Wendler]

commit:     241566775da8ad5bb854d98aa84f0bb89757ae0c
Author:     Thomas Deutschmann <whissi <AT> whissi <DOT> de>
AuthorDate: Wed Jul 20 00:20:06 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Jul 26 09:51:28 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=24156677

www-servers/nginx: Drop AJP HTTP module leftovers

Bug: https://bugs.gentoo.org/587844

Package-Manager: portage-2.3.0
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 www-servers/nginx/nginx-1.10.1-r1.ebuild | 1 -
 www-servers/nginx/nginx-1.11.2.ebuild    | 1 -
 2 files changed, 2 deletions(-)

diff --git a/www-servers/nginx/nginx-1.10.1-r1.ebuild b/www-servers/nginx/nginx-1.10.1-r1.ebuild
index 3c59016..825a13b 100644
--- a/www-servers/nginx/nginx-1.10.1-r1.ebuild
+++ b/www-servers/nginx/nginx-1.10.1-r1.ebuild
@@ -198,7 +198,6 @@ NGINX_MODULES_3RD="
 	http_security
 	http_push_stream
 	http_sticky
-	http_ajp
 	http_mogilefs
 	http_memc
 	http_auth_ldap"

diff --git a/www-servers/nginx/nginx-1.11.2.ebuild b/www-servers/nginx/nginx-1.11.2.ebuild
index 471bfe0..0c5275a 100644
--- a/www-servers/nginx/nginx-1.11.2.ebuild
+++ b/www-servers/nginx/nginx-1.11.2.ebuild
@@ -198,7 +198,6 @@ NGINX_MODULES_3RD="
 	http_security
 	http_push_stream
 	http_sticky
-	http_ajp
 	http_mogilefs
 	http_memc
 	http_auth_ldap"

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     62d7ec2d20bd8695fed5fff62cdf31791e60940e
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 10 20:44:04 2016 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Aug 10 20:44:47 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=62d7ec2d

www-servers/nginx: Add myself as maintainer

Package-Manager: portage-2.3.0

 www-servers/nginx/metadata.xml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/www-servers/nginx/metadata.xml b/www-servers/nginx/metadata.xml
index 6ba5f0f..150cf04 100644
--- a/www-servers/nginx/metadata.xml
+++ b/www-servers/nginx/metadata.xml
@@ -6,6 +6,10 @@
     <name>Tiziano Müller</name>
   </maintainer>
   <maintainer type="person">
+    <email>whissi@gentoo.org</email>
+    <name>Thomas Deutschmann</name>
+  </maintainer>
+  <maintainer type="person">
     <email>bugs@bergstroem.nu</email>
     <name>Johan Bergström</name>
     <description>Co-maintainer, CC on bugs.</description>

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     5075ae78397ebc8e05ba29e7e79cba0e32290eac
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Aug 15 11:27:09 2016 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Aug 15 11:34:53 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5075ae78

www-servers/nginx: Dropping proxy-maintainer project; Rearranging maintainer order

Now that I am a Gentoo developer this package is no longer maintained
through proxy-maintainer project.

Rearranging maintainer order for proper bug assignment.

Package-Manager: portage-2.3.0

 www-servers/nginx/metadata.xml | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/www-servers/nginx/metadata.xml b/www-servers/nginx/metadata.xml
index 150cf04..2721de5 100644
--- a/www-servers/nginx/metadata.xml
+++ b/www-servers/nginx/metadata.xml
@@ -2,22 +2,18 @@
 <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
   <maintainer type="person">
-    <email>dev-zero@gentoo.org</email>
-    <name>Tiziano Müller</name>
-  </maintainer>
-  <maintainer type="person">
     <email>whissi@gentoo.org</email>
     <name>Thomas Deutschmann</name>
   </maintainer>
   <maintainer type="person">
+    <email>dev-zero@gentoo.org</email>
+    <name>Tiziano Müller</name>
+  </maintainer>
+  <maintainer type="person">
     <email>bugs@bergstroem.nu</email>
     <name>Johan Bergström</name>
     <description>Co-maintainer, CC on bugs.</description>
   </maintainer>
-  <maintainer type="project">
-    <email>proxy-maint@gentoo.org</email>
-    <name>Proxy Maintainers</name>
-  </maintainer>
   <use>
     <flag name="aio">Enables file AIO support</flag>
     <flag name="http">Enable HTTP core support</flag>

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     f3c2a26e1f50d245e6f06413b99f9d6102679999
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Sep  3 21:10:29 2016 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Sep  3 21:10:29 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f3c2a26e

www-servers/nginx: Revision bump to update 3rd-party modules

 - nginx-upload-progress-module v0.9.1  -> v0.9.2
 - headers-more-nginx-module    v0.30   -> 0.31
 - ngx-fancyindex               v0.4.0  -> v0.4.1 (bug #592464)
 - lua-nginx-module             v0.10.5 -> 0.10.6
 - nginx-rtmp-module            v1.1.8  -> v1.1.9
 - echo-nginx-module            v0.59   -> 0.60

Gentoo-Bug: https://bugs.gentoo.org/592464

Package-Manager: portage-2.3.0

 www-servers/nginx/Manifest               |   6 +
 www-servers/nginx/nginx-1.11.3-r2.ebuild | 782 +++++++++++++++++++++++++++++++
 2 files changed, 788 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index da1e09c..3f50206 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -8,16 +8,22 @@ DIST ngx_http_auth_pam-1.5.1.tar.gz 6863 SHA256 77676842919134af88a7b4bfca447022
 DIST ngx_http_cache_purge-2.3.tar.gz 12248 SHA256 279e0d8a46d3b1521fd43b3f78bc1c08b263899142a7cc5058c1c0361a92c89c SHA512 50a31dbf2216a6fae74a186af56dec4600cf55777e76a10ac0075f609e7737135aab063a64f2590dddcd0369ebebd4a523027f3d9ebcca74f7b4355be1c5dcc0 WHIRLPOOL 5451ef3e33044210453995ea916acec679599c0ded5471d464db5003a07e7a06e9690812091148c2af7b50384e52b32e49136eac02e0330724ba2408d893f96c
 DIST ngx_http_dav_ext-0.0.3.tar.gz 6260 SHA256 d428a0236c933779cb40ac8c91afb19d5c25a376dc3caab825bfd543e1ee530d SHA512 4763b1c5e417248d80acfacf20bfc5ba3e06675ff08e37703867daef99a400980b536941e4955c259432905bd11ab998bc2e2489a50350413c7bf37e18eafb74 WHIRLPOOL 5adbcea768fbb179249a03fe69304505ec09a1dafac848dd5e3cde96693c6fbcf6cf6c128ca116d02b36c1be0008807d9e86fee5b411e137b18b15a60291f29b
 DIST ngx_http_echo-0.59.tar.gz 52703 SHA256 9b319ad7836202883128d2b9c24ed818082541df57ef7f2065b7557085c603cd SHA512 803c431da00160f62ee98e126d244fb97b2d9dca08137daabf55504f012598f8e2c689841c2e8bfced5f07ce24c46933c49b3feffc09ca0b5f07dc10e34546ee WHIRLPOOL a709ded0dd1af2b6c1c5da6f065834ab7715eb736f36018acf06c2c10389bf896dc4459acbbb479340b9da6f287143cd25fca7df503acea457cf0933ba67e9a1
+DIST ngx_http_echo-0.60.tar.gz 52771 SHA256 1077da2229ac7d0a0215e9e6817e297c10697e095010d88f1adbd1add1ce9f4e SHA512 c455bee73cebd0752449472452d15614b9587ddd199263d366484ede890c4d108eacbbeaef31adc9dc7732b56ef2bfc73c0fef3366366db03a8ec3fdc27a985c WHIRLPOOL 8938ac18aae74a5c4806ff3611c243c9bee108ef93fef7b0da284040c2ec2d9a57cb3cad9e3719cb795bbb063176d7afe81b7288ebacf5096d26b16e5ef34da6
 DIST ngx_http_fancyindex-0.4.0.tar.gz 18419 SHA256 152cc2cf082c23cbc7b0fc76f14af4015d3988783016dc9145edebec17c7e230 SHA512 47fd9f405475f96958eb255f9051a9bde1ad8b515356bbaff8f8034ee34ecc17e3574c1d104496c5069c8986e047ca0de386f1b7d2f7317f15be98d69e74b624 WHIRLPOOL 4972eea9f6b8373b4bbcf73c66fe3dc635bc6326f264febc9a5a0fc620d44f1a3d1f98c91c1d2acb6779729a1e188c1f4a8750972266d1e463658529d37fa596
+DIST ngx_http_fancyindex-0.4.1.tar.gz 21130 SHA256 2b00d8e0ad2a67152a9cee7b7ee67990c742d501412df912baaf1eee9bb6dc71 SHA512 ce0043ad4a2b638c5d99244d6caaa65ad142cea78884084a9aeca5a9593c68dbe508c9e4dd85dc5722eb63ef386612bffc48d4b6fc1487df244fbcb7a73bffe1 WHIRLPOOL 4a885afbadf64bbd25df6580a099472ae48836d9dddfe1dee6ac6a6f97bfb0cf7120ff10dd69fceca7085fab590bec3a4b4b5be5644f2352375316885ddc3cac
 DIST ngx_http_headers_more-0.30.tar.gz 27793 SHA256 2aad309a9313c21c7c06ee4e71a39c99d4d829e31c8b3e7d76f8c964ea8047f5 SHA512 378f2c4b4fbf580e59c8ad3ef5fcb617e4669b7b506a0ae87e4e0bc920d34e16fe55565e48dd57e7b6c37ae8b407646ca64f5d84a2fbbe2d41d719c7643c1a82 WHIRLPOOL f50bb5c2e23fb63d98904163a873edf947f65e57dc0f73489024243c1d5b04e0677015a075d315585e535e226b8dad659bada563778b8ddf4d060e918fc37ace
+DIST ngx_http_headers_more-0.31.tar.gz 27941 SHA256 b2e8162cce2d24861b1ed5bbb30fc51d5215e3f4bb9d01f53fc344904d5911e7 SHA512 bc6b936dff9989af9eb97864e5e9499748ea8c73b2f49a24ad00d2a90bf77d1d743e6789f7bf3948a7baaaa44b0cc9f48a1c8a52bce9902a13c88e1f6673c6e1 WHIRLPOOL 79dd5ecb8eaabf6d81380888b687a962339c93d6bff14c88156782d5846d1121d33e0851ab27b44fb1b9f2035484093327fb92559e655dbdc6362faddb76b5e2
 DIST ngx_http_lua-0.10.5.tar.gz 579793 SHA256 4f0292c37ab3d7cb980c994825040be1bda2c769cbd800e79c43eb37458347d4 SHA512 a02b8614fdcd063b1087a3114f05402c707343ff3bceabaca1fb98531ba30edea1a525fc45e2f5a49ff155de8d6f9e1155e8870e463476da5703acfd5f8fc3fc WHIRLPOOL 9c72353bc58a98fd3bae68bd9b13228d202167422a429aa4b455f7e280cb617b5c083131e4f372708e602342b24b150437ed8ebae9647a397bae8a88a13b385c
+DIST ngx_http_lua-0.10.6.tar.gz 597217 SHA256 b98c4f648589bbf3e2c3d5fd18664e7a7ef89ac083e96c8e984fa919e7a7c073 SHA512 202aaf39381d151d5f456e5cd61c87b65fa20ece997f7e517a3eb3912af3a153747a674ac004dbcc474728567ff58436cfb408accd5e922d805b1d697c34774c WHIRLPOOL c4fd64114d74afbaba02c3e7bb1c5562281636624a581c6535f6aa310886f766b9cf0e63a8921599c617d411d5ec920e4b08b54588bfac7cf4c24e8ffc13d26b
 DIST ngx_http_naxsi-0.54.tar.gz 163809 SHA256 9cc2c09405bc71f78ef26a8b6d70afcea3fccbe8125df70cb0cfc480133daba5 SHA512 91934bfd41495715269cc6e549d17f6da66f2bdd0c9a6821fa9096b694dd3927109c4aad2f8b327620ae7c34f76a0839ac16669cd8c65081bc01fa7f829c1d43 WHIRLPOOL ef68cfecc9849086527c3590744d3c0d73cec830c6cf1ebca63566a7444438757a85d0c79fa552c4763e0416a615f4cf8d99622e2f36d3713b7072138a82f5a8
 DIST ngx_http_push_stream-0.5.2.tar.gz 182008 SHA256 1d07f38acdb8194bd49344b0ba21de101070de9b8731d27a8d22e928850bc199 SHA512 ee8bf9ece652da6aa5a39879298bba70d1842696545259f3f5e302cc61397b35f016364805805f9ab1914fc39ed2f07c015e042155789073e3d1fdc02a0783de WHIRLPOOL d309cecbb1bb5b6c4f64712d44889e3ecca59140d845a31a3f605dc3cc2aa01622b0deadb8f6852baea3c211bebbe6ed7d7868399447ac1249c1b1b740fa3c27
 DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 SHA256 1e81453942e5b0877de1f1f06c56ae82918ea9818255cb935bcb673c95a758a1 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d WHIRLPOOL a02ed77422c47d9e476f8746186d19d632ddb953635d8d9dd51ff076225a78044286ee7e114478bc02e4b2a422e4fdc207154fc287629dd2cd7c3f9a634dad18
 DIST ngx_http_upload_progress-0.9.1-r1.tar.gz 17166 SHA256 99ec072cca35cd7791e77c40a8ded41a7a8c1111e057be26e55fba2fdf105f43 SHA512 6c1e3776402b6e2cda50d9c48c4b578a85feffe15891c075443f6d9c7b9e2414e0614b50a8f417ddda9faf5f719957c77ade519c88b48caec970fc51fe12f0d1 WHIRLPOOL 12970d0f75ee3f0d8a97c4948b97fca2bd707a93e4e578c0e2ac0d18991986e620dd6b15c2ab5680ff726c0490671e3bc5e1ee6109baf81877d8baa6a5357825
+DIST ngx_http_upload_progress-0.9.2-r1.tar.gz 17268 SHA256 b286689355442657650421d8e8398bd4abf9dbbaade65947bb0cb74a349cc497 SHA512 c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c WHIRLPOOL e847603f1445c7e1471a5570e2774a448be880eb71eeb21e27361586bcee9aae31cb0a8a80cd5abfc8d14e2c356fabfa7293e6a4d5f6782d41521a7bdc124066
 DIST ngx_http_upstream_check-0.3.0-10-g10782ea.tar.gz 128297 SHA256 a5003e86908086f8607e76cfc01a56d56654982ab02cec918278c261ff1e8363 SHA512 2407d4375d8b94a808eb9e423615af700537b28fc88d37e790fb2a5ecdb02da94e7d1e271a6a81e8a55f8ce11e7db80fdd6de7feca08469dfaa26d717a1075a3 WHIRLPOOL 6b428940a07a7c18ba19cba07f43f1661484905a025f80fcb44908aeaeab9c8e854d3e104fe0339087a2e9029ad4722366c7d0a0fca7c73d92ece6ff2e494206
 DIST ngx_memc_module-0.17.tar.gz 36369 SHA256 25cbe3ff4931283a681260607bc91ae4a922075345d5770b293c6cd7f1e3bdcc SHA512 e6fdecb4bb629f0882868b78f4b3a2549fce4471efcc4f2c6fdc414435799be6ce41cf056a3170952f8a1f401ee1ca372c97f2d7f79fba79239599755ade8949 WHIRLPOOL 766d84e7a2dfb2a6f069fd846e19d635f4dbd36f78014e97bbd159312d0b38d671b4db989584ca2b5b449046483b5b90d09edbe1c4531b266d8592ad7bad3c3a
 DIST ngx_metrics-0.1.1.tar.gz 2964 SHA256 1c62ebb31e3caafad91720962770b0e7a4287f195520cf12471c262ac19b154e SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e WHIRLPOOL 2796f5a97e76dfcc91133240e8e90ba493f0356f781a173d8cacdd09eba64b75ef531db398c0566fda395124700de8c991b771433e376ca0d5898c2ea6f82868
 DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 SHA256 7ac230d30907f013dff8d435a118619ea6168aa3714dba62c6962d350c6295ae SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1 WHIRLPOOL 64c9b11ad938e6dbe5ba31298f1cd46f6e6bb4ba039c96b1e43bd85919d1606326f74b677f789ecabe0b0f4e0f08ac5aaf8148bf820de65aaa1e9966a28b9f61
 DIST ngx_rtmp-1.1.7.tar.gz 519735 SHA256 7922b0e3d5f3d9c4b275e4908cfb8f5fb1bfb3ac2df77f4c262cda56df21aab3 SHA512 9883462a04683f1e7af175da04b86d259ff6d677864667588fb073143f7130969eb2a5a5a48ddceda7a555b908580f179bdcacb7f0111413d51db5bfe43b396e WHIRLPOOL e9c1fc9c3c965ae7047657f76e0997d5da107aff7dd9e5cf3ddb5a2d8f388efd8439b82923e199dc36def449567b8529e06c80f69c36f42128236ac0be5719d5
 DIST ngx_rtmp-1.1.8.tar.gz 519647 SHA256 de5866111a5b18c9dfb1c10f3a0e84b56af77f7005a41807368f7769b8a50965 SHA512 554249b1b8bb70952a0585dcc5c55c70daa63f2eba5ef35f8b1a4932fdfd6c95b0a48739857ba8dcab08ff1e91d048f3dc43bf65250890fd7a679cdabfed880a WHIRLPOOL a8cd4361419fbae97f199d788078c62ffc442158d0338aa677e5d6d21fb27a336da85e901ee6463ff6b33201092575237d5b6f20a1d80d924ac6591cbb75c9d7
+DIST ngx_rtmp-1.1.9.tar.gz 519807 SHA256 46d914e3ba1f4c2353c1ef01a7423305255cb78226c84fac419586f849b7ea55 SHA512 888c268eb0371649e9bf971462e20472f819946f49ef5e50af97d0590a03df6d37c1fa8016eb7ea81faa0c212c429618d399102f513b029c66226d48e444f70c WHIRLPOOL 94fc496b059549a56338cd51e0bbf9a3b11b10640e1ef83e1e7cdb2845dfecde012e0951003665e02bff4ef45870b78e399d4194997cb082647dbcd638cc9716

diff --git a/www-servers/nginx/nginx-1.11.3-r2.ebuild b/www-servers/nginx/nginx-1.11.3-r2.ebuild
new file mode 100644
index 00000000..883918d
--- /dev/null
+++ b/www-servers/nginx/nginx-1.11.3-r2.ebuild
@@ -0,0 +1,782 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.31"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.1"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.6"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-g10782ea"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-10782eaff51872a8f44e65eed89bbe286004bcb1"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.54"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.9"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.60"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.17"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="dbcef31bebb2d54b6120422d0b178bbf78bc48f7"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+
+inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
+	upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_mogilefs
+	http_memc
+	http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( >=dev-libs/libpcre-4.2 )
+	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+	eapply "${FILESDIR}/${PN}-1.11.3-fix-build-without-stream_ssl_module.patch"
+
+	if use nginx_modules_http_sticky; then
+		cd "${HTTP_STICKY_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http-sticky-nginx-1.11.2.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}/check_1.9.2+".patch
+	fi
+
+	if use nginx_modules_http_lua; then
+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+		./configure \
+			--enable-standalone-module \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+	fi
+
+	cd "${S}" || die
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use ipv6      && myconf+=( --with-ipv6 )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r3 nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 /var/log/nginx ${keepdir_list}
+	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+	# existing installations
+	local fix_perms=0
+
+	for rv in ${REPLACING_VERSIONS}; do
+		version_compare ${rv} 1.4.1-r2
+		[[ $? -eq 1 ]] && fix_perms=1
+	done
+
+	if [[ $fix_perms -eq 1 ]] ; then
+		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+		ewarn "directories the world-readable bit removed (if set):"
+		ewarn "  ${EPREFIX}/var/log/nginx"
+		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+		ewarn "Check if this is correct for your setup before restarting nginx!"
+		ewarn "This is a one-time change and will not happen on subsequent updates."
+		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+	fi
+
+	# If the nginx user can't change into or read the dir, display a warning.
+	# If su is not available we display the warning nevertheless since we can't check properly
+	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+	if [ $? -ne 0 ] ; then
+		ewarn "Please make sure that the nginx user or group has at least"
+		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+		ewarn "Otherwise you end up with empty log files after a logrotate."
+	fi
+
+	# HTTPoxy mitigation
+	ewarn ""
+	ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+	ewarn "vulnerability for FastCGI applications by setting the HTTP_PROXY FastCGI"
+	ewarn "parameter to an empty string per default when you are sourcing the default"
+	ewarn "'fastcgi_params' or 'fastcgi.conf' in your server block(s)."
+	ewarn ""
+	ewarn "If this is causing any problems for you make sure that you are sourcing the"
+	ewarn "default parameters _before_ you set your own values."
+	ewarn "If you are relying on user-supplied proxy values you have to remove the"
+	ewarn "correlating lines from 'fastcgi_params' and or 'fastcgi.conf'."
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     f03aacc3dc9a83ef1a9e89aa73eb081f0f36badf
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Sep  3 21:34:08 2016 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Sep  3 21:35:19 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f03aacc3

www-servers/nginx: Bump ebuild of stable slot to update 3rd-party modules

Backport of commit f3c2a26e1f50d245e6f06413b99f9d6102679999 from mainline:

 - nginx-upload-progress-module v0.9.1  -> v0.9.2
 - headers-more-nginx-module    v0.30   -> 0.31
 - ngx-fancyindex               v0.4.0  -> v0.4.1 (bug #592464)
 - lua-nginx-module             v0.10.5 -> 0.10.6
 - nginx-rtmp-module            v1.1.8  -> v1.1.9
 - echo-nginx-module            v0.59   -> 0.60

Gentoo-Bug: https://bugs.gentoo.org/592464

Package-Manager: portage-2.3.0

 www-servers/nginx/nginx-1.10.1-r3.ebuild | 768 +++++++++++++++++++++++++++++++
 1 file changed, 768 insertions(+)

diff --git a/www-servers/nginx/nginx-1.10.1-r3.ebuild b/www-servers/nginx/nginx-1.10.1-r3.ebuild
new file mode 100644
index 00000000..fe9f071
--- /dev/null
+++ b/www-servers/nginx/nginx-1.10.1-r3.ebuild
@@ -0,0 +1,768 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.31"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.1"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.6"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-g10782ea"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-10782eaff51872a8f44e65eed89bbe286004bcb1"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.54"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.9"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.60"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.17"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="dbcef31bebb2d54b6120422d0b178bbf78bc48f7"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+
+inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+	rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM="access limit_conn upstream"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_mogilefs
+	http_memc
+	http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( >=dev-libs/libpcre-4.2 )
+	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}/check_1.9.2+".patch
+	fi
+
+	if use nginx_modules_http_lua; then
+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+		./configure \
+			--enable-standalone-module \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+	fi
+
+	cd "${S}" || die
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use ipv6      && myconf+=( --with-ipv6 )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			# Treat stream upstream slightly differently
+			if ! use nginx_modules_stream_upstream; then
+				myconf+=( --without-stream_upstream_hash_module )
+				myconf+=( --without-stream_upstream_least_conn_module )
+				myconf+=( --without-stream_upstream_zone_module )
+			else
+				myconf+=( --without-stream_${mod}_module )
+			fi
+		fi
+	done
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r3 nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 /var/log/nginx ${keepdir_list}
+	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+	# existing installations
+	local fix_perms=0
+
+	for rv in ${REPLACING_VERSIONS}; do
+		version_compare ${rv} 1.4.1-r2
+		[[ $? -eq 1 ]] && fix_perms=1
+	done
+
+	if [[ $fix_perms -eq 1 ]] ; then
+		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+		ewarn "directories the world-readable bit removed (if set):"
+		ewarn "  ${EPREFIX}/var/log/nginx"
+		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+		ewarn "Check if this is correct for your setup before restarting nginx!"
+		ewarn "This is a one-time change and will not happen on subsequent updates."
+		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+	fi
+
+	# If the nginx user can't change into or read the dir, display a warning.
+	# If su is not available we display the warning nevertheless since we can't check properly
+	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+	if [ $? -ne 0 ] ; then
+		ewarn "Please make sure that the nginx user or group has at least"
+		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+		ewarn "Otherwise you end up with empty log files after a logrotate."
+	fi
+
+	# HTTPoxy mitigation
+	ewarn ""
+	ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+	ewarn "vulnerability for FastCGI applications by setting the HTTP_PROXY FastCGI"
+	ewarn "parameter to an empty string per default when you are sourcing the default"
+	ewarn "'fastcgi_params' or 'fastcgi.conf' in your server block(s)."
+	ewarn ""
+	ewarn "If this is causing any problems for you make sure that you are sourcing the"
+	ewarn "default parameters _before_ you set your own values."
+	ewarn "If you are relying on user-supplied proxy values you have to remove the"
+	ewarn "correlating lines from 'fastcgi_params' and or 'fastcgi.conf'."
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     313dfd88a20fa556e9175fff7fea0eabc97c6c1e
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 12 19:38:28 2016 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Oct 12 19:48:06 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=313dfd88

www-servers/nginx: Bump to v1.10.1-r4 stable

Ebuild changes:
===============
 - NAXSI updated to v0.55.1

 - rtmp module updated to v1.1.10

 - LDAP authentication module updated to commit dbcef31b to fix some
   segmentation faults

Package-Manager: portage-2.3.2

 www-servers/nginx/nginx-1.10.1-r4.ebuild | 768 +++++++++++++++++++++++++++++++
 1 file changed, 768 insertions(+)

diff --git a/www-servers/nginx/nginx-1.10.1-r4.ebuild b/www-servers/nginx/nginx-1.10.1-r4.ebuild
new file mode 100644
index 00000000..4e28658
--- /dev/null
+++ b/www-servers/nginx/nginx-1.10.1-r4.ebuild
@@ -0,0 +1,768 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.31"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.1"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.6"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.1"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.10"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.60"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.17"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+
+inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+	rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM="access limit_conn upstream"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_mogilefs
+	http_memc
+	http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( >=dev-libs/libpcre-4.2 )
+	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}/check_1.9.2+".patch
+	fi
+
+	if use nginx_modules_http_lua; then
+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+		./configure \
+			--enable-standalone-module \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+	fi
+
+	cd "${S}" || die
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use ipv6      && myconf+=( --with-ipv6 )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			# Treat stream upstream slightly differently
+			if ! use nginx_modules_stream_upstream; then
+				myconf+=( --without-stream_upstream_hash_module )
+				myconf+=( --without-stream_upstream_least_conn_module )
+				myconf+=( --without-stream_upstream_zone_module )
+			else
+				myconf+=( --without-stream_${mod}_module )
+			fi
+		fi
+	done
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r3 nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 /var/log/nginx ${keepdir_list}
+	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+	# existing installations
+	local fix_perms=0
+
+	for rv in ${REPLACING_VERSIONS}; do
+		version_compare ${rv} 1.4.1-r2
+		[[ $? -eq 1 ]] && fix_perms=1
+	done
+
+	if [[ $fix_perms -eq 1 ]] ; then
+		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+		ewarn "directories the world-readable bit removed (if set):"
+		ewarn "  ${EPREFIX}/var/log/nginx"
+		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+		ewarn "Check if this is correct for your setup before restarting nginx!"
+		ewarn "This is a one-time change and will not happen on subsequent updates."
+		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+	fi
+
+	# If the nginx user can't change into or read the dir, display a warning.
+	# If su is not available we display the warning nevertheless since we can't check properly
+	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+	if [ $? -ne 0 ] ; then
+		ewarn "Please make sure that the nginx user or group has at least"
+		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+		ewarn "Otherwise you end up with empty log files after a logrotate."
+	fi
+
+	# HTTPoxy mitigation
+	ewarn ""
+	ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+	ewarn "vulnerability for FastCGI applications by setting the HTTP_PROXY FastCGI"
+	ewarn "parameter to an empty string per default when you are sourcing the default"
+	ewarn "'fastcgi_params' or 'fastcgi.conf' in your server block(s)."
+	ewarn ""
+	ewarn "If this is causing any problems for you make sure that you are sourcing the"
+	ewarn "default parameters _before_ you set your own values."
+	ewarn "If you are relying on user-supplied proxy values you have to remove the"
+	ewarn "correlating lines from 'fastcgi_params' and or 'fastcgi.conf'."
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     c7f5fede92086cd68a6a0e52015c0af3442b4737
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Oct 15 19:03:26 2016 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Oct 15 19:03:58 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c7f5fede

www-servers/nginx: Adjust dependencies/slot operators

Package-Manager: portage-2.3.2

 www-servers/nginx/nginx-1.10.1-r3.ebuild | 24 ++++++++++++++++--------
 www-servers/nginx/nginx-1.10.1-r4.ebuild | 24 ++++++++++++++++--------
 www-servers/nginx/nginx-1.10.1.ebuild    | 24 ++++++++++++++++--------
 www-servers/nginx/nginx-1.11.4.ebuild    | 24 ++++++++++++++++--------
 www-servers/nginx/nginx-1.11.5.ebuild    | 24 ++++++++++++++++--------
 5 files changed, 80 insertions(+), 40 deletions(-)

diff --git a/www-servers/nginx/nginx-1.10.1-r3.ebuild b/www-servers/nginx/nginx-1.10.1-r3.ebuild
index fe9f071..8716c66 100644
--- a/www-servers/nginx/nginx-1.10.1-r3.ebuild
+++ b/www-servers/nginx/nginx-1.10.1-r3.ebuild
@@ -230,8 +230,8 @@ done
 IUSE="${IUSE} nginx_modules_http_spdy"
 
 CDEPEND="
-	pcre? ( >=dev-libs/libpcre-4.2 )
-	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
 	ssl? (
 		!libressl? ( dev-libs/openssl:0= )
 		libressl? ( dev-libs/libressl:= )
@@ -250,21 +250,27 @@ CDEPEND="
 	nginx_modules_http_gunzip? ( sys-libs/zlib )
 	nginx_modules_http_gzip? ( sys-libs/zlib )
 	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
-	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
 	nginx_modules_http_secure_link? (
 		userland_GNU? (
 			!libressl? ( dev-libs/openssl:0= )
 			libressl? ( dev-libs/libressl:= )
 		)
 	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
 	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
 	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
 	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
 	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
 RDEPEND="${CDEPEND}
 	selinux? ( sec-policy/selinux-nginx )
@@ -356,6 +362,8 @@ src_configure() {
 		fi
 		./configure \
 			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
 			$(use_enable pcre-jit) \
 			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
 	fi

diff --git a/www-servers/nginx/nginx-1.10.1-r4.ebuild b/www-servers/nginx/nginx-1.10.1-r4.ebuild
index 4e28658..f5a4f5e 100644
--- a/www-servers/nginx/nginx-1.10.1-r4.ebuild
+++ b/www-servers/nginx/nginx-1.10.1-r4.ebuild
@@ -230,8 +230,8 @@ done
 IUSE="${IUSE} nginx_modules_http_spdy"
 
 CDEPEND="
-	pcre? ( >=dev-libs/libpcre-4.2 )
-	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
 	ssl? (
 		!libressl? ( dev-libs/openssl:0= )
 		libressl? ( dev-libs/libressl:= )
@@ -250,21 +250,27 @@ CDEPEND="
 	nginx_modules_http_gunzip? ( sys-libs/zlib )
 	nginx_modules_http_gzip? ( sys-libs/zlib )
 	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
-	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
 	nginx_modules_http_secure_link? (
 		userland_GNU? (
 			!libressl? ( dev-libs/openssl:0= )
 			libressl? ( dev-libs/libressl:= )
 		)
 	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
 	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
 	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
 	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
 	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
 RDEPEND="${CDEPEND}
 	selinux? ( sec-policy/selinux-nginx )
@@ -356,6 +362,8 @@ src_configure() {
 		fi
 		./configure \
 			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
 			$(use_enable pcre-jit) \
 			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
 	fi

diff --git a/www-servers/nginx/nginx-1.10.1.ebuild b/www-servers/nginx/nginx-1.10.1.ebuild
index 630624b..6365eb4 100644
--- a/www-servers/nginx/nginx-1.10.1.ebuild
+++ b/www-servers/nginx/nginx-1.10.1.ebuild
@@ -231,8 +231,8 @@ done
 IUSE="${IUSE} nginx_modules_http_spdy"
 
 CDEPEND="
-	pcre? ( >=dev-libs/libpcre-4.2 )
-	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
 	ssl? (
 		!libressl? ( dev-libs/openssl:0= )
 		libressl? ( dev-libs/libressl:= )
@@ -251,21 +251,27 @@ CDEPEND="
 	nginx_modules_http_gunzip? ( sys-libs/zlib )
 	nginx_modules_http_gzip? ( sys-libs/zlib )
 	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
-	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
 	nginx_modules_http_secure_link? (
 		userland_GNU? (
 			!libressl? ( dev-libs/openssl:0= )
 			libressl? ( dev-libs/libressl:= )
 		)
 	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
 	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
 	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
 	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
 	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
 RDEPEND="${CDEPEND}
 	selinux? ( sec-policy/selinux-nginx )
@@ -356,6 +362,8 @@ src_configure() {
 		fi
 		./configure \
 			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
 			$(use_enable pcre-jit) \
 			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
 	fi

diff --git a/www-servers/nginx/nginx-1.11.4.ebuild b/www-servers/nginx/nginx-1.11.4.ebuild
index a94f39d..228aa6f 100644
--- a/www-servers/nginx/nginx-1.11.4.ebuild
+++ b/www-servers/nginx/nginx-1.11.4.ebuild
@@ -237,8 +237,8 @@ done
 IUSE="${IUSE} nginx_modules_http_spdy"
 
 CDEPEND="
-	pcre? ( >=dev-libs/libpcre-4.2 )
-	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
 	ssl? (
 		!libressl? ( dev-libs/openssl:0= )
 		libressl? ( dev-libs/libressl:= )
@@ -257,21 +257,27 @@ CDEPEND="
 	nginx_modules_http_gunzip? ( sys-libs/zlib )
 	nginx_modules_http_gzip? ( sys-libs/zlib )
 	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
-	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
 	nginx_modules_http_secure_link? (
 		userland_GNU? (
 			!libressl? ( dev-libs/openssl:0= )
 			libressl? ( dev-libs/libressl:= )
 		)
 	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
 	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
 	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
 	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
 	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
 RDEPEND="${CDEPEND}
 	selinux? ( sec-policy/selinux-nginx )
@@ -369,6 +375,8 @@ src_configure() {
 		fi
 		./configure \
 			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
 			$(use_enable pcre-jit) \
 			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
 	fi

diff --git a/www-servers/nginx/nginx-1.11.5.ebuild b/www-servers/nginx/nginx-1.11.5.ebuild
index 3f951db..c5ed9be 100644
--- a/www-servers/nginx/nginx-1.11.5.ebuild
+++ b/www-servers/nginx/nginx-1.11.5.ebuild
@@ -237,8 +237,8 @@ done
 IUSE="${IUSE} nginx_modules_http_spdy"
 
 CDEPEND="
-	pcre? ( >=dev-libs/libpcre-4.2 )
-	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
 	ssl? (
 		!libressl? ( dev-libs/openssl:0= )
 		libressl? ( dev-libs/libressl:= )
@@ -257,21 +257,27 @@ CDEPEND="
 	nginx_modules_http_gunzip? ( sys-libs/zlib )
 	nginx_modules_http_gzip? ( sys-libs/zlib )
 	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
-	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
 	nginx_modules_http_secure_link? (
 		userland_GNU? (
 			!libressl? ( dev-libs/openssl:0= )
 			libressl? ( dev-libs/libressl:= )
 		)
 	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
 	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
 	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
 	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
 	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
 RDEPEND="${CDEPEND}
 	selinux? ( sec-policy/selinux-nginx )
@@ -364,6 +370,8 @@ src_configure() {
 		fi
 		./configure \
 			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
 			$(use_enable pcre-jit) \
 			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
 	fi

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     c017ceffdefb7a8cf24518702e1c1958d490a4ea
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 19 00:00:44 2016 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Oct 19 00:01:35 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c017ceff

www-servers/nginx: Bump to v1.10.2 stable

Package-Manager: portage-2.3.2

 www-servers/nginx/Manifest            |   1 +
 www-servers/nginx/nginx-1.10.2.ebuild | 776 ++++++++++++++++++++++++++++++++++
 2 files changed, 777 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index af7423c..b76141c 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,5 +1,6 @@
 DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc1801efce0cda797d6029d44080a9b24 SHA512 374733cbfc26e53d95b78c8f268a4e465d838163e9893fc24e33a9d272b114f1b287147bab6d0289575074cbbd94f48983e23fa59832cbcb32950046cea59269 WHIRLPOOL 5f41bebf032f8a269412d104b7632a06af4d4c495658c9cd1ebf69b82c10ce1bbcb34b9dd159a7b00e57348714a5e93ad3db19701dda51479accd3a9dc79a9cb
 DIST nginx-1.10.1.tar.gz 909077 SHA256 1fd35846566485e03c0e318989561c135c598323ff349c503a6c14826487a801 SHA512 fa1329d40e83340380332dd5e2ed66f08dd59cc7f7582dd0e0193c493353ba550e80dc80e5165c225d70532d4197abc49cc8c760e8ab72e48f630cb57c2803e1 WHIRLPOOL 6942f70c3279a28bd8d664d085dee68bf0d0526c8dcb636f3258c9de598268efc984af72e527efd86889bd13911b38b0bdb2de1e92eef69cabd02f7080f64eb6
+DIST nginx-1.10.2.tar.gz 910812 SHA256 1045ac4987a396e2fa5d0011daf8987b612dd2f05181b67507da68cbe7d765c2 SHA512 f2d5a4fbabaf9333bae46461bcbe3dbcc5ff7e8f8c7a5dead3063e3d59c9ec15dc85262a23ca7d693db45a50ec98a70fb216b3da9872ee23d57b6bfaf064876e WHIRLPOOL 7e819f43a68de49d3cceb3e5ec81eef6872859df0abca2be00fb73c8779c2716b6997ea5f8cadb93af195d9f4d07a4404f51e0752dd881628de93a0c0289aea7
 DIST nginx-1.11.4.tar.gz 949793 SHA256 06221c1f43f643bc6bfe5b2c26d19e09f2588d5cde6c65bdb77dfcce7c026b3b SHA512 c6a03c440a274576434aa74932b3fa7cd49174d9e2d8c6e480838637f33f158e31b6f25cac97e158f386bb92f62ff9636c2d3ac1a552e27a860eb9448e2f3f94 WHIRLPOOL 53c371cb34bc55f28d0a0915e08a4fdeffcfcbc8571628db086e0a75627c926693f2faba8608f0c444bc79df244b7f321e6017eda0eb7710d2ccb6f25aac8b75
 DIST nginx-1.11.5.tar.gz 956517 SHA256 223f8a2345a75f891098cf26ccdf208b293350388f51ce69083674c9432db6f6 SHA512 f41b21b5d8c6b7fe7f8713e96fb6b1c40da49bf64ebb790fb5aa38f036a37b36fcf048ff72c2216552b2f75366b30c5fcdef26312bd4e5515b2476a1cd944b8c WHIRLPOOL fba49ae277ec2114b06eb0fdce87161ac7bd3e0ca90387dc58caf327c5f12056be07eeba677ff37c59e7d759054ec276ce4db647250774c57588619a1803592c
 DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 SHA256 3c11c32f05da04f1a4647dc4e35dd8d8aeacd5a2e763ba349feba3dba8663132 SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92 WHIRLPOOL ad65e8182b2634db5fa06055ef7d91c7d8aabd0fa986d8402a4845977354d6edb329621b6f9f96c90ce2d158cff20e42ae50fba06a088a84de3e3f414205dbc2

diff --git a/www-servers/nginx/nginx-1.10.2.ebuild b/www-servers/nginx/nginx-1.10.2.ebuild
new file mode 100644
index 00000000..f5a4f5e
--- /dev/null
+++ b/www-servers/nginx/nginx-1.10.2.ebuild
@@ -0,0 +1,776 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.31"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.1"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.6"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.1"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.10"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.60"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.17"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+
+inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+	rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM="access limit_conn upstream"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_mogilefs
+	http_memc
+	http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}/check_1.9.2+".patch
+	fi
+
+	if use nginx_modules_http_lua; then
+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+	fi
+
+	cd "${S}" || die
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use ipv6      && myconf+=( --with-ipv6 )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			# Treat stream upstream slightly differently
+			if ! use nginx_modules_stream_upstream; then
+				myconf+=( --without-stream_upstream_hash_module )
+				myconf+=( --without-stream_upstream_least_conn_module )
+				myconf+=( --without-stream_upstream_zone_module )
+			else
+				myconf+=( --without-stream_${mod}_module )
+			fi
+		fi
+	done
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r3 nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 /var/log/nginx ${keepdir_list}
+	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+	# existing installations
+	local fix_perms=0
+
+	for rv in ${REPLACING_VERSIONS}; do
+		version_compare ${rv} 1.4.1-r2
+		[[ $? -eq 1 ]] && fix_perms=1
+	done
+
+	if [[ $fix_perms -eq 1 ]] ; then
+		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+		ewarn "directories the world-readable bit removed (if set):"
+		ewarn "  ${EPREFIX}/var/log/nginx"
+		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+		ewarn "Check if this is correct for your setup before restarting nginx!"
+		ewarn "This is a one-time change and will not happen on subsequent updates."
+		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+	fi
+
+	# If the nginx user can't change into or read the dir, display a warning.
+	# If su is not available we display the warning nevertheless since we can't check properly
+	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+	if [ $? -ne 0 ] ; then
+		ewarn "Please make sure that the nginx user or group has at least"
+		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+		ewarn "Otherwise you end up with empty log files after a logrotate."
+	fi
+
+	# HTTPoxy mitigation
+	ewarn ""
+	ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+	ewarn "vulnerability for FastCGI applications by setting the HTTP_PROXY FastCGI"
+	ewarn "parameter to an empty string per default when you are sourcing the default"
+	ewarn "'fastcgi_params' or 'fastcgi.conf' in your server block(s)."
+	ewarn ""
+	ewarn "If this is causing any problems for you make sure that you are sourcing the"
+	ewarn "default parameters _before_ you set your own values."
+	ewarn "If you are relying on user-supplied proxy values you have to remove the"
+	ewarn "correlating lines from 'fastcgi_params' and or 'fastcgi.conf'."
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     c0ed68db3717a8b594e37e690a036723dfea8a5c
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 15 21:40:35 2016 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Nov 15 21:48:54 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c0ed68db

www-servers/nginx: Bump to v1.10.2-r2 stable

Ebuild changes:
===============
 - ngx_headers_more module updated to v0.32

 - LUA module updated to v0.10.7

 - Patch for ngx_memc added to solve a build issue with
   latest nginx [Link 1]

Link 1: https://github.com/openresty/memc-nginx-module/issues/26

Package-Manager: portage-2.3.2

 www-servers/nginx/nginx-1.10.2-r2.ebuild | 802 +++++++++++++++++++++++++++++++
 1 file changed, 802 insertions(+)

diff --git a/www-servers/nginx/nginx-1.10.2-r2.ebuild b/www-servers/nginx/nginx-1.10.2-r2.ebuild
new file mode 100644
index 00000000..c71ba25
--- /dev/null
+++ b/www-servers/nginx/nginx-1.10.2-r2.ebuild
@@ -0,0 +1,802 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.32"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.1"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.7"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.1"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.10"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.60"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.17"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+	rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM="access limit_conn upstream"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_mogilefs
+	http_memc
+	http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}/check_1.9.2+".patch
+	fi
+
+	if use nginx_modules_http_lua; then
+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eapply "${FILESDIR}"/http_security-pr_1158.patch
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_memc; then
+		cd "${HTTP_MEMC_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_memc-0.17-issue_26.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use ipv6      && myconf+=( --with-ipv6 )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			# Treat stream upstream slightly differently
+			if ! use nginx_modules_stream_upstream; then
+				myconf+=( --without-stream_upstream_hash_module )
+				myconf+=( --without-stream_upstream_least_conn_module )
+				myconf+=( --without-stream_upstream_zone_module )
+			else
+				myconf+=( --without-stream_${mod}_module )
+			fi
+		fi
+	done
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r3 nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 /var/log/nginx ${keepdir_list}
+	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+	# existing installations
+	local fix_perms=0
+
+	for rv in ${REPLACING_VERSIONS}; do
+		version_compare ${rv} 1.4.1-r2
+		[[ $? -eq 1 ]] && fix_perms=1
+	done
+
+	if [[ $fix_perms -eq 1 ]] ; then
+		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+		ewarn "directories the world-readable bit removed (if set):"
+		ewarn "  ${EPREFIX}/var/log/nginx"
+		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+		ewarn "Check if this is correct for your setup before restarting nginx!"
+		ewarn "This is a one-time change and will not happen on subsequent updates."
+		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+	fi
+
+	# If the nginx user can't change into or read the dir, display a warning.
+	# If su is not available we display the warning nevertheless since we can't check properly
+	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+	if [ $? -ne 0 ] ; then
+		ewarn "Please make sure that the nginx user or group has at least"
+		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+		ewarn "Otherwise you end up with empty log files after a logrotate."
+	fi
+
+	# HTTPoxy mitigation
+	ewarn ""
+	ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+	ewarn "vulnerability for FastCGI applications by setting the HTTP_PROXY FastCGI"
+	ewarn "parameter to an empty string per default when you are sourcing the default"
+	ewarn "'fastcgi_params' or 'fastcgi.conf' in your server block(s)."
+	ewarn ""
+	ewarn "If this is causing any problems for you make sure that you are sourcing the"
+	ewarn "default parameters _before_ you set your own values."
+	ewarn "If you are relying on user-supplied proxy values you have to remove the"
+	ewarn "correlating lines from 'fastcgi_params' and or 'fastcgi.conf'."
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     ad6c115214db8d4fca1b9c4484e89d202d9ea9cb
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Jan  7 23:43:34 2017 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Jan  7 23:43:34 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ad6c1152

www-servers/nginx: Bump to v1.11.8 (bug #603864)

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 www-servers/nginx/Manifest            |   1 +
 www-servers/nginx/nginx-1.11.8.ebuild | 999 ++++++++++++++++++++++++++++++++++
 2 files changed, 1000 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index f950922..92392ff 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -3,6 +3,7 @@ DIST nginx-1.10.1.tar.gz 909077 SHA256 1fd35846566485e03c0e318989561c135c598323f
 DIST nginx-1.10.2.tar.gz 910812 SHA256 1045ac4987a396e2fa5d0011daf8987b612dd2f05181b67507da68cbe7d765c2 SHA512 f2d5a4fbabaf9333bae46461bcbe3dbcc5ff7e8f8c7a5dead3063e3d59c9ec15dc85262a23ca7d693db45a50ec98a70fb216b3da9872ee23d57b6bfaf064876e WHIRLPOOL 7e819f43a68de49d3cceb3e5ec81eef6872859df0abca2be00fb73c8779c2716b6997ea5f8cadb93af195d9f4d07a4404f51e0752dd881628de93a0c0289aea7
 DIST nginx-1.11.5.tar.gz 956517 SHA256 223f8a2345a75f891098cf26ccdf208b293350388f51ce69083674c9432db6f6 SHA512 f41b21b5d8c6b7fe7f8713e96fb6b1c40da49bf64ebb790fb5aa38f036a37b36fcf048ff72c2216552b2f75366b30c5fcdef26312bd4e5515b2476a1cd944b8c WHIRLPOOL fba49ae277ec2114b06eb0fdce87161ac7bd3e0ca90387dc58caf327c5f12056be07eeba677ff37c59e7d759054ec276ce4db647250774c57588619a1803592c
 DIST nginx-1.11.6.tar.gz 960331 SHA256 3153abbb518e2d9c032e1b127da3dc0028ad36cd4679e5f3be0b8afa33bc85bd SHA512 1969f527d4554a976d14e82c2297c519a0d0d82a9fbd3cc703ab42a23067c7fcf101ddf16f1abff374c71f37969fd7c58d2a344c57566538b821acc32cd3d979 WHIRLPOOL 67ed24c25b20f6d94f3a0602946f750b4efafd79d3a093a35fdf370a20377abcc2a54c00fcd5e7bc54305515da9234fb2f192c744a7fb59c4bbdee2ba0c0f626
+DIST nginx-1.11.8.tar.gz 964918 SHA256 53aef3715d79015314c2dcb18f2b185a0c64368cc01b30bdf0737a215f666b34 SHA512 4bbecf17579022cc925af8808554983c57e4f438edc8f987751413f0a023267a4766edc8321cbbe8a8b675f7e86d8a2cba76bd52236c8d9509b2b301ab349ffa WHIRLPOOL a30ad4cdc0b74e0f860938942caeee961759ceabae8735725a989db29702b366fb285079a992cbc681ec3fd157ef6f8907f6a3eac13a8af302daad94ca867738
 DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 SHA256 3c11c32f05da04f1a4647dc4e35dd8d8aeacd5a2e763ba349feba3dba8663132 SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92 WHIRLPOOL ad65e8182b2634db5fa06055ef7d91c7d8aabd0fa986d8402a4845977354d6edb329621b6f9f96c90ce2d158cff20e42ae50fba06a088a84de3e3f414205dbc2
 DIST nginx-auth-ldap-dbcef31bebb2d54b6120422d0b178bbf78bc48f7.tar.gz 16998 SHA256 35c8f29581823be0f8bdbcf237d7fa5518c45eabe0ab9a695b131d32c8f1c264 SHA512 f47a9a6c5f93daa9260825261d2069bca5fc528221f94fc8ec98462f61774a36bce0238d931f8d0690544fd0144a83f942b6673c8376fe03f7834f8da9666671 WHIRLPOOL 26a2f67e715d13f785932f00e642c0864b5b7059d120f7fe7458017dbe02203f4873d1cfc4f0dd262834465438ad2b00ef4b49295e18a8e246abda6f7694ac70
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 SHA256 6f9102321d8c68df6d67e9bde145a8de3f45f99f6cb47c08735a86f003234d31 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529 WHIRLPOOL 38abe56e177e22dad68ac7d6570425ecd763d2e891627a75156a6f39bd7edc54f664c3d2f638e1ea57c743dadc6a8c9889be087abbdb4c98b5641c299f7fbc07

diff --git a/www-servers/nginx/nginx-1.11.8.ebuild b/www-servers/nginx/nginx-1.11.8.ebuild
new file mode 100644
index 00000000..d4ad6b0
--- /dev/null
+++ b/www-servers/nginx/nginx-1.11.8.ebuild
@@ -0,0 +1,999 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.32"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.1"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.7"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.1"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.10"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.60"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.17"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
+	upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_mogilefs
+	http_memc
+	http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_upstream_check; then
+		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_lua; then
+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eapply "${FILESDIR}"/http_security-pr_1158.patch
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_memc; then
+		cd "${HTTP_MEMC_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_memc-0.17-issue_26.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Agostino Sarubbo]

commit:     3bff797e180eb661b58c01f1a9779a702dac0978
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 10 14:54:22 2017 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Tue Jan 10 14:54:22 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3bff797e

www-servers/nginx: amd64 stable wrt bug #605008

Package-Manager: portage-2.3.0
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 www-servers/nginx/nginx-1.10.2-r3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www-servers/nginx/nginx-1.10.2-r3.ebuild b/www-servers/nginx/nginx-1.10.2-r3.ebuild
index 4da4e5c..9a1478a 100644
--- a/www-servers/nginx/nginx-1.10.2-r3.ebuild
+++ b/www-servers/nginx/nginx-1.10.2-r3.ebuild
@@ -173,7 +173,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
 	nginx_modules_http_push_stream? ( GPL-3 )"
 
 SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
 
 NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
 	fastcgi geo gzip limit_req limit_conn map memcached proxy referer

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Agostino Sarubbo]

commit:     198664a2ccedff520dab3d3ff4c10e474e9acf4c
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 10 15:21:05 2017 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Tue Jan 10 15:21:05 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=198664a2

www-servers/nginx: x86 stable wrt bug #605008

Package-Manager: portage-2.3.0
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 www-servers/nginx/nginx-1.10.2-r3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www-servers/nginx/nginx-1.10.2-r3.ebuild b/www-servers/nginx/nginx-1.10.2-r3.ebuild
index 9a1478a..2a00c26 100644
--- a/www-servers/nginx/nginx-1.10.2-r3.ebuild
+++ b/www-servers/nginx/nginx-1.10.2-r3.ebuild
@@ -173,7 +173,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
 	nginx_modules_http_push_stream? ( GPL-3 )"
 
 SLOT="0"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc x86 ~x86-fbsd ~amd64-linux ~x86-linux"
 
 NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
 	fastcgi geo gzip limit_req limit_conn map memcached proxy referer

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     af1e9596ef64e37af30f56949ecbcd3f750180be
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Jan 16 14:25:32 2017 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Jan 16 14:26:06 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=af1e9596

www-servers/nginx: Add test restriction

Package does not provide a real test suite. Building with FEATURES=test will
currently end with a failure like

  >>> Test phase: www-servers/nginx-1.10.2-r3
   * Test::Harness Jobs=5
  make --jobs 5 --load-average 7.95 test TEST_VERBOSE=0
  make: *** No rule to make target 'test'.  Stop.
   * ERROR: www-servers/nginx-1.10.2-r3::gentoo failed (test phase):
   *   emake failed

Restricting test will prevent an error like this.

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 www-servers/nginx/nginx-1.10.2-r3.ebuild | 3 +++
 www-servers/nginx/nginx-1.11.6-r1.ebuild | 5 ++++-
 www-servers/nginx/nginx-1.11.8.ebuild    | 3 +++
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/www-servers/nginx/nginx-1.10.2-r3.ebuild b/www-servers/nginx/nginx-1.10.2-r3.ebuild
index 2a00c26..8cb71d4 100644
--- a/www-servers/nginx/nginx-1.10.2-r3.ebuild
+++ b/www-servers/nginx/nginx-1.10.2-r3.ebuild
@@ -175,6 +175,9 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
 SLOT="0"
 KEYWORDS="amd64 ~arm ~arm64 ~ppc x86 ~x86-fbsd ~amd64-linux ~x86-linux"
 
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
 NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
 	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
 	rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"

diff --git a/www-servers/nginx/nginx-1.11.6-r1.ebuild b/www-servers/nginx/nginx-1.11.6-r1.ebuild
index 49ffa0a..d4c0878 100644
--- a/www-servers/nginx/nginx-1.11.6-r1.ebuild
+++ b/www-servers/nginx/nginx-1.11.6-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 # $Id$
 
@@ -175,6 +175,9 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
 SLOT="mainline"
 KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
 
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
 NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
 	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
 	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash

diff --git a/www-servers/nginx/nginx-1.11.8.ebuild b/www-servers/nginx/nginx-1.11.8.ebuild
index d4ad6b0..d4c0878 100644
--- a/www-servers/nginx/nginx-1.11.8.ebuild
+++ b/www-servers/nginx/nginx-1.11.8.ebuild
@@ -175,6 +175,9 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
 SLOT="mainline"
 KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
 
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
 NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
 	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
 	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     d1493c23e773a3b92eb9e1f79e0239da54531943
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 24 17:58:30 2017 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Jan 24 17:58:30 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d1493c23

www-servers/nginx: Bump to v1.11.9

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 www-servers/nginx/Manifest            |    1 +
 www-servers/nginx/nginx-1.11.9.ebuild | 1002 +++++++++++++++++++++++++++++++++
 2 files changed, 1003 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 40667e8..e97451e 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,6 +2,7 @@ DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc18
 DIST nginx-1.10.2.tar.gz 910812 SHA256 1045ac4987a396e2fa5d0011daf8987b612dd2f05181b67507da68cbe7d765c2 SHA512 f2d5a4fbabaf9333bae46461bcbe3dbcc5ff7e8f8c7a5dead3063e3d59c9ec15dc85262a23ca7d693db45a50ec98a70fb216b3da9872ee23d57b6bfaf064876e WHIRLPOOL 7e819f43a68de49d3cceb3e5ec81eef6872859df0abca2be00fb73c8779c2716b6997ea5f8cadb93af195d9f4d07a4404f51e0752dd881628de93a0c0289aea7
 DIST nginx-1.11.6.tar.gz 960331 SHA256 3153abbb518e2d9c032e1b127da3dc0028ad36cd4679e5f3be0b8afa33bc85bd SHA512 1969f527d4554a976d14e82c2297c519a0d0d82a9fbd3cc703ab42a23067c7fcf101ddf16f1abff374c71f37969fd7c58d2a344c57566538b821acc32cd3d979 WHIRLPOOL 67ed24c25b20f6d94f3a0602946f750b4efafd79d3a093a35fdf370a20377abcc2a54c00fcd5e7bc54305515da9234fb2f192c744a7fb59c4bbdee2ba0c0f626
 DIST nginx-1.11.8.tar.gz 964918 SHA256 53aef3715d79015314c2dcb18f2b185a0c64368cc01b30bdf0737a215f666b34 SHA512 4bbecf17579022cc925af8808554983c57e4f438edc8f987751413f0a023267a4766edc8321cbbe8a8b675f7e86d8a2cba76bd52236c8d9509b2b301ab349ffa WHIRLPOOL a30ad4cdc0b74e0f860938942caeee961759ceabae8735725a989db29702b366fb285079a992cbc681ec3fd157ef6f8907f6a3eac13a8af302daad94ca867738
+DIST nginx-1.11.9.tar.gz 965463 SHA256 dc22b71f16b551705930544dc042f1ad1af2f9715f565187ec22c7a4b2625748 SHA512 95247d5db3e23a0ea22686cc3fe4295f8854948a6f168a783082fdbb2acbecdad61cd9c8cadd84c1f74c1e87becdca8d6664622ff9cebc72687f20b29cc09fd0 WHIRLPOOL 39a56073e359aac716e0a9ff672ee89b97205c281b53be97920c098aea9b25635e59a5ea0e3a7cb4ba79d43afc8ed3942cd34840773dd1e472101c9ab6ac72a4
 DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 SHA256 3c11c32f05da04f1a4647dc4e35dd8d8aeacd5a2e763ba349feba3dba8663132 SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92 WHIRLPOOL ad65e8182b2634db5fa06055ef7d91c7d8aabd0fa986d8402a4845977354d6edb329621b6f9f96c90ce2d158cff20e42ae50fba06a088a84de3e3f414205dbc2
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 SHA256 6f9102321d8c68df6d67e9bde145a8de3f45f99f6cb47c08735a86f003234d31 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529 WHIRLPOOL 38abe56e177e22dad68ac7d6570425ecd763d2e891627a75156a6f39bd7edc54f664c3d2f638e1ea57c743dadc6a8c9889be087abbdb4c98b5641c299f7fbc07
 DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 SHA256 88e05a99a8a7419066f5ae75966fb1efc409bad4522d14986da074554ae61619 SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 WHIRLPOOL 5f6ed4e6850d2ce7e8c65e0570a7e2c74a1fe360e167644ed405fff682ab178b09c722c99c1df9af552fb816219b9fc04dcdf638b3e4af68c688434cdb33aa59

diff --git a/www-servers/nginx/nginx-1.11.9.ebuild b/www-servers/nginx/nginx-1.11.9.ebuild
new file mode 100644
index 00000000..d4c0878
--- /dev/null
+++ b/www-servers/nginx/nginx-1.11.9.ebuild
@@ -0,0 +1,1002 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.32"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.1"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.7"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.1"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.10"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.60"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.17"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
+	upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_mogilefs
+	http_memc
+	http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_upstream_check; then
+		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_lua; then
+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eapply "${FILESDIR}"/http_security-pr_1158.patch
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_memc; then
+		cd "${HTTP_MEMC_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_memc-0.17-issue_26.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     f37bc910a241a557cf1386c59907dc75a2d30e6e
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 31 17:49:11 2017 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Jan 31 17:49:11 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f37bc910

www-servers/nginx: Bump nginx (stable) to v1.10.3

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 www-servers/nginx/Manifest            |   1 +
 www-servers/nginx/nginx-1.10.3.ebuild | 989 ++++++++++++++++++++++++++++++++++
 2 files changed, 990 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index e97451e..6f1c342 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,5 +1,6 @@
 DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc1801efce0cda797d6029d44080a9b24 SHA512 374733cbfc26e53d95b78c8f268a4e465d838163e9893fc24e33a9d272b114f1b287147bab6d0289575074cbbd94f48983e23fa59832cbcb32950046cea59269 WHIRLPOOL 5f41bebf032f8a269412d104b7632a06af4d4c495658c9cd1ebf69b82c10ce1bbcb34b9dd159a7b00e57348714a5e93ad3db19701dda51479accd3a9dc79a9cb
 DIST nginx-1.10.2.tar.gz 910812 SHA256 1045ac4987a396e2fa5d0011daf8987b612dd2f05181b67507da68cbe7d765c2 SHA512 f2d5a4fbabaf9333bae46461bcbe3dbcc5ff7e8f8c7a5dead3063e3d59c9ec15dc85262a23ca7d693db45a50ec98a70fb216b3da9872ee23d57b6bfaf064876e WHIRLPOOL 7e819f43a68de49d3cceb3e5ec81eef6872859df0abca2be00fb73c8779c2716b6997ea5f8cadb93af195d9f4d07a4404f51e0752dd881628de93a0c0289aea7
+DIST nginx-1.10.3.tar.gz 911509 SHA256 75020f1364cac459cb733c4e1caed2d00376e40ea05588fb8793076a4c69dd90 SHA512 25cddbe5c419700aeca41bff3be5b7c3accfb38ad846ec8d91d81ab7c15f10db719f02d9263edf1fa12f59805ff7001b62864dc2885370b24afeea1d7d2afbbf WHIRLPOOL 1ebf540d49d28a853a9221a558b53d28e2e7dfddf345e433baa4c2b819f6e1fe34528b4680387147c73271d3837529a4452e53b863dff5d29772c2b0a75e0ba6
 DIST nginx-1.11.6.tar.gz 960331 SHA256 3153abbb518e2d9c032e1b127da3dc0028ad36cd4679e5f3be0b8afa33bc85bd SHA512 1969f527d4554a976d14e82c2297c519a0d0d82a9fbd3cc703ab42a23067c7fcf101ddf16f1abff374c71f37969fd7c58d2a344c57566538b821acc32cd3d979 WHIRLPOOL 67ed24c25b20f6d94f3a0602946f750b4efafd79d3a093a35fdf370a20377abcc2a54c00fcd5e7bc54305515da9234fb2f192c744a7fb59c4bbdee2ba0c0f626
 DIST nginx-1.11.8.tar.gz 964918 SHA256 53aef3715d79015314c2dcb18f2b185a0c64368cc01b30bdf0737a215f666b34 SHA512 4bbecf17579022cc925af8808554983c57e4f438edc8f987751413f0a023267a4766edc8321cbbe8a8b675f7e86d8a2cba76bd52236c8d9509b2b301ab349ffa WHIRLPOOL a30ad4cdc0b74e0f860938942caeee961759ceabae8735725a989db29702b366fb285079a992cbc681ec3fd157ef6f8907f6a3eac13a8af302daad94ca867738
 DIST nginx-1.11.9.tar.gz 965463 SHA256 dc22b71f16b551705930544dc042f1ad1af2f9715f565187ec22c7a4b2625748 SHA512 95247d5db3e23a0ea22686cc3fe4295f8854948a6f168a783082fdbb2acbecdad61cd9c8cadd84c1f74c1e87becdca8d6664622ff9cebc72687f20b29cc09fd0 WHIRLPOOL 39a56073e359aac716e0a9ff672ee89b97205c281b53be97920c098aea9b25635e59a5ea0e3a7cb4ba79d43afc8ed3942cd34840773dd1e472101c9ab6ac72a4

diff --git a/www-servers/nginx/nginx-1.10.3.ebuild b/www-servers/nginx/nginx-1.10.3.ebuild
new file mode 100644
index 00000000..6d538c8
--- /dev/null
+++ b/www-servers/nginx/nginx-1.10.3.ebuild
@@ -0,0 +1,989 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.32"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.1"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.7"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.1"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.10"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.60"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.17"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+	rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM="access limit_conn upstream"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_mogilefs
+	http_memc
+	http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}/check_1.9.2+".patch
+	fi
+
+	if use nginx_modules_http_lua; then
+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eapply "${FILESDIR}"/http_security-pr_1158.patch
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_memc; then
+		cd "${HTTP_MEMC_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_memc-0.17-issue_26.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use ipv6      && myconf+=( --with-ipv6 )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			# Treat stream upstream slightly differently
+			if ! use nginx_modules_stream_upstream; then
+				myconf+=( --without-stream_upstream_hash_module )
+				myconf+=( --without-stream_upstream_least_conn_module )
+				myconf+=( --without-stream_upstream_zone_module )
+			else
+				myconf+=( --without-stream_${mod}_module )
+			fi
+		fi
+	done
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     f86ee909d42c2a0577c6d31c52b672b620e9a920
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 31 17:50:58 2017 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Jan 31 17:50:58 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f86ee909

www-servers/nginx: Use HTTPS for nginx.org

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 www-servers/nginx/nginx-1.10.2-r3.ebuild | 4 ++--
 www-servers/nginx/nginx-1.10.3.ebuild    | 4 ++--
 www-servers/nginx/nginx-1.11.6-r1.ebuild | 4 ++--
 www-servers/nginx/nginx-1.11.8.ebuild    | 4 ++--
 www-servers/nginx/nginx-1.11.9.ebuild    | 4 ++--
 5 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/www-servers/nginx/nginx-1.10.2-r3.ebuild b/www-servers/nginx/nginx-1.10.2-r3.ebuild
index 8cb71d4..e229135 100644
--- a/www-servers/nginx/nginx-1.10.2-r3.ebuild
+++ b/www-servers/nginx/nginx-1.10.2-r3.ebuild
@@ -145,8 +145,8 @@ AUTOTOOLS_AUTO_DEPEND="no"
 inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
 
 DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
 	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
 	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
 	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )

diff --git a/www-servers/nginx/nginx-1.10.3.ebuild b/www-servers/nginx/nginx-1.10.3.ebuild
index 6d538c8..cb9c750 100644
--- a/www-servers/nginx/nginx-1.10.3.ebuild
+++ b/www-servers/nginx/nginx-1.10.3.ebuild
@@ -145,8 +145,8 @@ AUTOTOOLS_AUTO_DEPEND="no"
 inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
 
 DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
 	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
 	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
 	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )

diff --git a/www-servers/nginx/nginx-1.11.6-r1.ebuild b/www-servers/nginx/nginx-1.11.6-r1.ebuild
index d4c0878..bd2418b 100644
--- a/www-servers/nginx/nginx-1.11.6-r1.ebuild
+++ b/www-servers/nginx/nginx-1.11.6-r1.ebuild
@@ -145,8 +145,8 @@ AUTOTOOLS_AUTO_DEPEND="no"
 inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
 
 DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
 	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
 	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
 	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )

diff --git a/www-servers/nginx/nginx-1.11.8.ebuild b/www-servers/nginx/nginx-1.11.8.ebuild
index d4c0878..bd2418b 100644
--- a/www-servers/nginx/nginx-1.11.8.ebuild
+++ b/www-servers/nginx/nginx-1.11.8.ebuild
@@ -145,8 +145,8 @@ AUTOTOOLS_AUTO_DEPEND="no"
 inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
 
 DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
 	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
 	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
 	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )

diff --git a/www-servers/nginx/nginx-1.11.9.ebuild b/www-servers/nginx/nginx-1.11.9.ebuild
index d4c0878..bd2418b 100644
--- a/www-servers/nginx/nginx-1.11.9.ebuild
+++ b/www-servers/nginx/nginx-1.11.9.ebuild
@@ -145,8 +145,8 @@ AUTOTOOLS_AUTO_DEPEND="no"
 inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
 
 DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
 	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
 	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
 	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     e24779f56dba1a33bab8b9218eae43f72aaae4f6
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 14 16:59:20 2017 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Feb 14 17:06:31 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e24779f5

www-servers/nginx: Bump to v1.11.10 mainline

Ebuild changes:
===============
- NAXSI updated to v0.55.3

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 www-servers/nginx/Manifest             |    2 +
 www-servers/nginx/nginx-1.11.10.ebuild | 1002 ++++++++++++++++++++++++++++++++
 2 files changed, 1004 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 6f1c342550..b435401f20 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,7 @@
 DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc1801efce0cda797d6029d44080a9b24 SHA512 374733cbfc26e53d95b78c8f268a4e465d838163e9893fc24e33a9d272b114f1b287147bab6d0289575074cbbd94f48983e23fa59832cbcb32950046cea59269 WHIRLPOOL 5f41bebf032f8a269412d104b7632a06af4d4c495658c9cd1ebf69b82c10ce1bbcb34b9dd159a7b00e57348714a5e93ad3db19701dda51479accd3a9dc79a9cb
 DIST nginx-1.10.2.tar.gz 910812 SHA256 1045ac4987a396e2fa5d0011daf8987b612dd2f05181b67507da68cbe7d765c2 SHA512 f2d5a4fbabaf9333bae46461bcbe3dbcc5ff7e8f8c7a5dead3063e3d59c9ec15dc85262a23ca7d693db45a50ec98a70fb216b3da9872ee23d57b6bfaf064876e WHIRLPOOL 7e819f43a68de49d3cceb3e5ec81eef6872859df0abca2be00fb73c8779c2716b6997ea5f8cadb93af195d9f4d07a4404f51e0752dd881628de93a0c0289aea7
 DIST nginx-1.10.3.tar.gz 911509 SHA256 75020f1364cac459cb733c4e1caed2d00376e40ea05588fb8793076a4c69dd90 SHA512 25cddbe5c419700aeca41bff3be5b7c3accfb38ad846ec8d91d81ab7c15f10db719f02d9263edf1fa12f59805ff7001b62864dc2885370b24afeea1d7d2afbbf WHIRLPOOL 1ebf540d49d28a853a9221a558b53d28e2e7dfddf345e433baa4c2b819f6e1fe34528b4680387147c73271d3837529a4452e53b863dff5d29772c2b0a75e0ba6
+DIST nginx-1.11.10.tar.gz 967773 SHA256 778b3cabb07633f754cd9dee32fc8e22582bce22bfa407be76a806abd935533d SHA512 b6437d8305547a834a0f3ad076ac591b90189eb922f48759094efaa9618e39fc249600ab13650113fe841fc9af0b736acc61a9b9baba7bacd35224c34df1bbc9 WHIRLPOOL f9535d4fabad7603cc384dda13aca51be77c7901d099190f9d5a187e517128a56a28cb851408b93091f8d99ce118678857ec08fba16bec4c2e2ed2d75ab543bd
 DIST nginx-1.11.6.tar.gz 960331 SHA256 3153abbb518e2d9c032e1b127da3dc0028ad36cd4679e5f3be0b8afa33bc85bd SHA512 1969f527d4554a976d14e82c2297c519a0d0d82a9fbd3cc703ab42a23067c7fcf101ddf16f1abff374c71f37969fd7c58d2a344c57566538b821acc32cd3d979 WHIRLPOOL 67ed24c25b20f6d94f3a0602946f750b4efafd79d3a093a35fdf370a20377abcc2a54c00fcd5e7bc54305515da9234fb2f192c744a7fb59c4bbdee2ba0c0f626
 DIST nginx-1.11.8.tar.gz 964918 SHA256 53aef3715d79015314c2dcb18f2b185a0c64368cc01b30bdf0737a215f666b34 SHA512 4bbecf17579022cc925af8808554983c57e4f438edc8f987751413f0a023267a4766edc8321cbbe8a8b675f7e86d8a2cba76bd52236c8d9509b2b301ab349ffa WHIRLPOOL a30ad4cdc0b74e0f860938942caeee961759ceabae8735725a989db29702b366fb285079a992cbc681ec3fd157ef6f8907f6a3eac13a8af302daad94ca867738
 DIST nginx-1.11.9.tar.gz 965463 SHA256 dc22b71f16b551705930544dc042f1ad1af2f9715f565187ec22c7a4b2625748 SHA512 95247d5db3e23a0ea22686cc3fe4295f8854948a6f168a783082fdbb2acbecdad61cd9c8cadd84c1f74c1e87becdca8d6664622ff9cebc72687f20b29cc09fd0 WHIRLPOOL 39a56073e359aac716e0a9ff672ee89b97205c281b53be97920c098aea9b25635e59a5ea0e3a7cb4ba79d43afc8ed3942cd34840773dd1e472101c9ab6ac72a4
@@ -15,6 +16,7 @@ DIST ngx_http_fancyindex-0.4.1.tar.gz 21130 SHA256 2b00d8e0ad2a67152a9cee7b7ee67
 DIST ngx_http_headers_more-0.32.tar.gz 28033 SHA256 c6d9dab8ea1fc997031007e2e8f47cced01417e203cd88d53a9fe9f6ae138720 SHA512 e42582b45c3111de3940bbeb67ce161aca2d55adcfb00c61c12256fa0e36221d38723013f36edbcf6d1b520f8dfb49d4657df8a956e66d36e68425afad382bd1 WHIRLPOOL 2b95ea8e2933e83082b9dfd7aaa8f57dd38b0ec12fb452a4aa38a215ca76b6572fe35b79c8afe8cf3097bf89ced0e81c33e07ee6913c99966b87b8e610df3121
 DIST ngx_http_lua-0.10.7.tar.gz 605171 SHA256 c21c8937dcdd6fc2b6a955f929e3f4d1388610f47180e60126e6dcab06786f77 SHA512 d060a13de4d01d77e6d6cd1635ecbb405330e4326b71b89341c1c128ee4182978a51d53355bc07c350e3c3a7df15325e3df380d9c3a98b2ff7d7efa18fa09b32 WHIRLPOOL 7b64f75aae2ab74f51b3b2d07a59262a2c8ab2b863698b93b1184c003049641b45eded8fa5cc6301887c80d5fc34e9f22365da7765b3d5594ad838dacfceddd7
 DIST ngx_http_naxsi-0.55.1.tar.gz 185997 SHA256 45dd0df7a6b0b6aa9c64eb8c39a8e294d659d87fb18e192cf58f1402f3cdb0a8 SHA512 aebda20e5b78e9111b7bac1e15829258e6b85b80e4ce333e4dba8caead36287b3f0fcb453c51d7c59f07d637fa62f5c6b23aecd3bf6a3c3da4abebf1a6689f14 WHIRLPOOL 36830d10a35b724b7ea15e3884e96e2e4dd84f2b81fc1c7122d3e2e83a1942227321b1a7141d829423788bc52a3e199a95ca2637369e17f84ea16eb0cb2e5e37
+DIST ngx_http_naxsi-0.55.3.tar.gz 187416 SHA256 0b3c95d250772dc89ad8b49e47c1e024c5ae2c76c0cffa445e9fe05c4dd13495 SHA512 9e8f41a5cd1342cc9b8aa334a603842d14a256aab1f4a21205bb1278aecbb0c49e39c889d8113a5b41aad2efeaa2ed9f11cba6929173f50add91f54c4c59c8a0 WHIRLPOOL 0a1bbe06730730944a882d86ffa378c4a3c759366208913603ffd18fcd7b18e65b6b1a89e9a07dc82e360dfe7ef4a6430391f6e52de35023d33ca19e80a3b693
 DIST ngx_http_push_stream-0.5.2.tar.gz 182008 SHA256 1d07f38acdb8194bd49344b0ba21de101070de9b8731d27a8d22e928850bc199 SHA512 ee8bf9ece652da6aa5a39879298bba70d1842696545259f3f5e302cc61397b35f016364805805f9ab1914fc39ed2f07c015e042155789073e3d1fdc02a0783de WHIRLPOOL d309cecbb1bb5b6c4f64712d44889e3ecca59140d845a31a3f605dc3cc2aa01622b0deadb8f6852baea3c211bebbe6ed7d7868399447ac1249c1b1b740fa3c27
 DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 SHA256 1e81453942e5b0877de1f1f06c56ae82918ea9818255cb935bcb673c95a758a1 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d WHIRLPOOL a02ed77422c47d9e476f8746186d19d632ddb953635d8d9dd51ff076225a78044286ee7e114478bc02e4b2a422e4fdc207154fc287629dd2cd7c3f9a634dad18
 DIST ngx_http_upload_progress-0.9.2-r1.tar.gz 17268 SHA256 b286689355442657650421d8e8398bd4abf9dbbaade65947bb0cb74a349cc497 SHA512 c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c WHIRLPOOL e847603f1445c7e1471a5570e2774a448be880eb71eeb21e27361586bcee9aae31cb0a8a80cd5abfc8d14e2c356fabfa7293e6a4d5f6782d41521a7bdc124066

diff --git a/www-servers/nginx/nginx-1.11.10.ebuild b/www-servers/nginx/nginx-1.11.10.ebuild
new file mode 100644
index 0000000000..2662158ecd
--- /dev/null
+++ b/www-servers/nginx/nginx-1.11.10.ebuild
@@ -0,0 +1,1002 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.32"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.1"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.7"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.10"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.60"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.17"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
+	upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_mogilefs
+	http_memc
+	http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_upstream_check; then
+		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_lua; then
+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eapply "${FILESDIR}"/http_security-pr_1158.patch
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_memc; then
+		cd "${HTTP_MEMC_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_memc-0.17-issue_26.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Agostino Sarubbo]

commit:     49032003f8f6fa803d66b8037963a4aee43115d2
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 22 14:22:10 2017 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Mar 22 14:22:10 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=49032003

www-servers/nginx: amd64 stable wrt bug #613416

Package-Manager: Portage-2.3.3, Repoman-2.3.1
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 www-servers/nginx/nginx-1.10.3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www-servers/nginx/nginx-1.10.3.ebuild b/www-servers/nginx/nginx-1.10.3.ebuild
index 6d85be564ba..db08f7e61e0 100644
--- a/www-servers/nginx/nginx-1.10.3.ebuild
+++ b/www-servers/nginx/nginx-1.10.3.ebuild
@@ -172,7 +172,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
 	nginx_modules_http_push_stream? ( GPL-3 )"
 
 SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
 
 # Package doesn't provide a real test suite
 RESTRICT="test"

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     8590621f9281188a9922779acb6730ec193ee52f
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Mar 27 10:24:51 2017 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Mar 27 10:25:19 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8590621f

www-servers/nginx: Bump to v1.11.12 mainline (bug #614042)

Replaces v1.11.11 which might hog CPU due to a bug introduced in v1.11.11.

Package-Manager: Portage-2.3.5, Repoman-2.3.2

 www-servers/nginx/Manifest                                       | 2 +-
 www-servers/nginx/{nginx-1.11.11.ebuild => nginx-1.11.12.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 377d516b6ec..5bcff98aed8 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,7 +2,7 @@ DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc18
 DIST nginx-1.10.2.tar.gz 910812 SHA256 1045ac4987a396e2fa5d0011daf8987b612dd2f05181b67507da68cbe7d765c2 SHA512 f2d5a4fbabaf9333bae46461bcbe3dbcc5ff7e8f8c7a5dead3063e3d59c9ec15dc85262a23ca7d693db45a50ec98a70fb216b3da9872ee23d57b6bfaf064876e WHIRLPOOL 7e819f43a68de49d3cceb3e5ec81eef6872859df0abca2be00fb73c8779c2716b6997ea5f8cadb93af195d9f4d07a4404f51e0752dd881628de93a0c0289aea7
 DIST nginx-1.10.3.tar.gz 911509 SHA256 75020f1364cac459cb733c4e1caed2d00376e40ea05588fb8793076a4c69dd90 SHA512 25cddbe5c419700aeca41bff3be5b7c3accfb38ad846ec8d91d81ab7c15f10db719f02d9263edf1fa12f59805ff7001b62864dc2885370b24afeea1d7d2afbbf WHIRLPOOL 1ebf540d49d28a853a9221a558b53d28e2e7dfddf345e433baa4c2b819f6e1fe34528b4680387147c73271d3837529a4452e53b863dff5d29772c2b0a75e0ba6
 DIST nginx-1.11.10.tar.gz 967773 SHA256 778b3cabb07633f754cd9dee32fc8e22582bce22bfa407be76a806abd935533d SHA512 b6437d8305547a834a0f3ad076ac591b90189eb922f48759094efaa9618e39fc249600ab13650113fe841fc9af0b736acc61a9b9baba7bacd35224c34df1bbc9 WHIRLPOOL f9535d4fabad7603cc384dda13aca51be77c7901d099190f9d5a187e517128a56a28cb851408b93091f8d99ce118678857ec08fba16bec4c2e2ed2d75ab543bd
-DIST nginx-1.11.11.tar.gz 979864 SHA256 5a7ac480248e28d26e68fd1ea3dbd8b05f69726d71528e79332839b171277262 SHA512 c830c1eb762f5d5df19c4b256c8aa4ebe8354f3a088f07c6b4b890806117d1716eaa20dbd6ac1ff5eafc2b1ee43c44ed608aa96b9057e44953b2888177e67719 WHIRLPOOL 9403ab4763a077a378d997d7a60abdf6c9a8caa8756096c86c1046ca324926e9e8e835c59bd677440fc33e8a9f4c22cfa238e043116bfed621dabcadacc9d1cf
+DIST nginx-1.11.12.tar.gz 979963 SHA256 2aff7f9396d1f77256efc363e1cc05ba52d40a29e6de4d9bc08aa444eea14122 SHA512 fc40551b83c98cf81a3a7728c8b143a4d8b98251e8caccf5391397639aacb631ff57427c8207a3f9c86f0a5cb212edaf3ed0d9d92ab085d3387097b99326ff69 WHIRLPOOL 8da4c8a7578abad39f073b4f034bf328e896b51f62d25ad8280c67334e190c1277d988803e9ce169b7e3e1170bbd49dee8f1e2b1cb0f39460e77da568ab75bf0
 DIST nginx-1.11.6.tar.gz 960331 SHA256 3153abbb518e2d9c032e1b127da3dc0028ad36cd4679e5f3be0b8afa33bc85bd SHA512 1969f527d4554a976d14e82c2297c519a0d0d82a9fbd3cc703ab42a23067c7fcf101ddf16f1abff374c71f37969fd7c58d2a344c57566538b821acc32cd3d979 WHIRLPOOL 67ed24c25b20f6d94f3a0602946f750b4efafd79d3a093a35fdf370a20377abcc2a54c00fcd5e7bc54305515da9234fb2f192c744a7fb59c4bbdee2ba0c0f626
 DIST nginx-1.11.8.tar.gz 964918 SHA256 53aef3715d79015314c2dcb18f2b185a0c64368cc01b30bdf0737a215f666b34 SHA512 4bbecf17579022cc925af8808554983c57e4f438edc8f987751413f0a023267a4766edc8321cbbe8a8b675f7e86d8a2cba76bd52236c8d9509b2b301ab349ffa WHIRLPOOL a30ad4cdc0b74e0f860938942caeee961759ceabae8735725a989db29702b366fb285079a992cbc681ec3fd157ef6f8907f6a3eac13a8af302daad94ca867738
 DIST nginx-1.11.9.tar.gz 965463 SHA256 dc22b71f16b551705930544dc042f1ad1af2f9715f565187ec22c7a4b2625748 SHA512 95247d5db3e23a0ea22686cc3fe4295f8854948a6f168a783082fdbb2acbecdad61cd9c8cadd84c1f74c1e87becdca8d6664622ff9cebc72687f20b29cc09fd0 WHIRLPOOL 39a56073e359aac716e0a9ff672ee89b97205c281b53be97920c098aea9b25635e59a5ea0e3a7cb4ba79d43afc8ed3942cd34840773dd1e472101c9ab6ac72a4

diff --git a/www-servers/nginx/nginx-1.11.11.ebuild b/www-servers/nginx/nginx-1.11.12.ebuild
similarity index 100%
rename from www-servers/nginx/nginx-1.11.11.ebuild
rename to www-servers/nginx/nginx-1.11.12.ebuild

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     f085102d8f479d2fcacd00d62839a8a2f4729c47
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Apr  4 18:24:07 2017 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Apr  4 18:24:55 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f085102d

www-servers/nginx: Bump to v1.11.13 mainline

Package-Manager: Portage-2.3.5, Repoman-2.3.2

 www-servers/nginx/Manifest             |    1 +
 www-servers/nginx/nginx-1.11.13.ebuild | 1011 ++++++++++++++++++++++++++++++++
 2 files changed, 1012 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index ae2fef0f10a..e121a44fcc7 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,6 +2,7 @@ DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc18
 DIST nginx-1.10.3.tar.gz 911509 SHA256 75020f1364cac459cb733c4e1caed2d00376e40ea05588fb8793076a4c69dd90 SHA512 25cddbe5c419700aeca41bff3be5b7c3accfb38ad846ec8d91d81ab7c15f10db719f02d9263edf1fa12f59805ff7001b62864dc2885370b24afeea1d7d2afbbf WHIRLPOOL 1ebf540d49d28a853a9221a558b53d28e2e7dfddf345e433baa4c2b819f6e1fe34528b4680387147c73271d3837529a4452e53b863dff5d29772c2b0a75e0ba6
 DIST nginx-1.11.10.tar.gz 967773 SHA256 778b3cabb07633f754cd9dee32fc8e22582bce22bfa407be76a806abd935533d SHA512 b6437d8305547a834a0f3ad076ac591b90189eb922f48759094efaa9618e39fc249600ab13650113fe841fc9af0b736acc61a9b9baba7bacd35224c34df1bbc9 WHIRLPOOL f9535d4fabad7603cc384dda13aca51be77c7901d099190f9d5a187e517128a56a28cb851408b93091f8d99ce118678857ec08fba16bec4c2e2ed2d75ab543bd
 DIST nginx-1.11.12.tar.gz 979963 SHA256 2aff7f9396d1f77256efc363e1cc05ba52d40a29e6de4d9bc08aa444eea14122 SHA512 fc40551b83c98cf81a3a7728c8b143a4d8b98251e8caccf5391397639aacb631ff57427c8207a3f9c86f0a5cb212edaf3ed0d9d92ab085d3387097b99326ff69 WHIRLPOOL 8da4c8a7578abad39f073b4f034bf328e896b51f62d25ad8280c67334e190c1277d988803e9ce169b7e3e1170bbd49dee8f1e2b1cb0f39460e77da568ab75bf0
+DIST nginx-1.11.13.tar.gz 980784 SHA256 360b601ef8ed2998c80fa56a27bf3cd745c3ce18c5fb10892e6595467b1415d3 SHA512 6546a1d96e5234c9512217559c22bc4be0e5f793d6082a9a3acaa1724c91c656b36a976cb452195b256915dc0d21fd433f539cd6c06d73c8dbb0233220d54fa8 WHIRLPOOL 53b3e0b8767ea93d4a3daaf5cfcd489dd83d9f60f53f985c677dfb328b7e6aee13114290bed22b268bca12d2e63fbb142b2357ef7dd8166e8da9eac4c931289a
 DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 SHA256 3c11c32f05da04f1a4647dc4e35dd8d8aeacd5a2e763ba349feba3dba8663132 SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92 WHIRLPOOL ad65e8182b2634db5fa06055ef7d91c7d8aabd0fa986d8402a4845977354d6edb329621b6f9f96c90ce2d158cff20e42ae50fba06a088a84de3e3f414205dbc2
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 SHA256 6f9102321d8c68df6d67e9bde145a8de3f45f99f6cb47c08735a86f003234d31 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529 WHIRLPOOL 38abe56e177e22dad68ac7d6570425ecd763d2e891627a75156a6f39bd7edc54f664c3d2f638e1ea57c743dadc6a8c9889be087abbdb4c98b5641c299f7fbc07
 DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 SHA256 88e05a99a8a7419066f5ae75966fb1efc409bad4522d14986da074554ae61619 SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 WHIRLPOOL 5f6ed4e6850d2ce7e8c65e0570a7e2c74a1fe360e167644ed405fff682ab178b09c722c99c1df9af552fb816219b9fc04dcdf638b3e4af68c688434cdb33aa59

diff --git a/www-servers/nginx/nginx-1.11.13.ebuild b/www-servers/nginx/nginx-1.11.13.ebuild
new file mode 100644
index 00000000000..7870abf9766
--- /dev/null
+++ b/www-servers/nginx/nginx-1.11.13.ebuild
@@ -0,0 +1,1011 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.32"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.1"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.7"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.11"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.60"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.17"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
+	upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_mogilefs
+	http_memc
+	http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_echo; then
+		cd "${HTTP_ECHO_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_echo-nginx-1.11.11+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_lua; then
+		cd "${HTTP_LUA_MODULE_WD}" || die
+		eapply -p1 "${FILESDIR}"/http_lua_nginx-1.11.11+.patch
+		cd "${S}" || die
+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eapply "${FILESDIR}"/http_security-pr_1158.patch
+		eapply "${FILESDIR}"/http_security-pr_1373.patch
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_memc; then
+		cd "${HTTP_MEMC_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_memc-0.17-issue_26.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     64ad6ced41a9983b0fcba4ec0c12ebd788e6f799
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Apr  4 18:21:20 2017 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Apr  4 18:24:53 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=64ad6ced

www-servers/nginx: Cleanup old versions

Package-Manager: Portage-2.3.5, Repoman-2.3.2

 www-servers/nginx/Manifest               |    4 -
 www-servers/nginx/nginx-1.10.2-r3.ebuild |  988 -----------------------------
 www-servers/nginx/nginx-1.11.6-r1.ebuild | 1001 ------------------------------
 www-servers/nginx/nginx-1.11.8.ebuild    | 1001 ------------------------------
 www-servers/nginx/nginx-1.11.9.ebuild    | 1001 ------------------------------
 5 files changed, 3995 deletions(-)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 5bcff98aed8..ae2fef0f10a 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,11 +1,7 @@
 DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc1801efce0cda797d6029d44080a9b24 SHA512 374733cbfc26e53d95b78c8f268a4e465d838163e9893fc24e33a9d272b114f1b287147bab6d0289575074cbbd94f48983e23fa59832cbcb32950046cea59269 WHIRLPOOL 5f41bebf032f8a269412d104b7632a06af4d4c495658c9cd1ebf69b82c10ce1bbcb34b9dd159a7b00e57348714a5e93ad3db19701dda51479accd3a9dc79a9cb
-DIST nginx-1.10.2.tar.gz 910812 SHA256 1045ac4987a396e2fa5d0011daf8987b612dd2f05181b67507da68cbe7d765c2 SHA512 f2d5a4fbabaf9333bae46461bcbe3dbcc5ff7e8f8c7a5dead3063e3d59c9ec15dc85262a23ca7d693db45a50ec98a70fb216b3da9872ee23d57b6bfaf064876e WHIRLPOOL 7e819f43a68de49d3cceb3e5ec81eef6872859df0abca2be00fb73c8779c2716b6997ea5f8cadb93af195d9f4d07a4404f51e0752dd881628de93a0c0289aea7
 DIST nginx-1.10.3.tar.gz 911509 SHA256 75020f1364cac459cb733c4e1caed2d00376e40ea05588fb8793076a4c69dd90 SHA512 25cddbe5c419700aeca41bff3be5b7c3accfb38ad846ec8d91d81ab7c15f10db719f02d9263edf1fa12f59805ff7001b62864dc2885370b24afeea1d7d2afbbf WHIRLPOOL 1ebf540d49d28a853a9221a558b53d28e2e7dfddf345e433baa4c2b819f6e1fe34528b4680387147c73271d3837529a4452e53b863dff5d29772c2b0a75e0ba6
 DIST nginx-1.11.10.tar.gz 967773 SHA256 778b3cabb07633f754cd9dee32fc8e22582bce22bfa407be76a806abd935533d SHA512 b6437d8305547a834a0f3ad076ac591b90189eb922f48759094efaa9618e39fc249600ab13650113fe841fc9af0b736acc61a9b9baba7bacd35224c34df1bbc9 WHIRLPOOL f9535d4fabad7603cc384dda13aca51be77c7901d099190f9d5a187e517128a56a28cb851408b93091f8d99ce118678857ec08fba16bec4c2e2ed2d75ab543bd
 DIST nginx-1.11.12.tar.gz 979963 SHA256 2aff7f9396d1f77256efc363e1cc05ba52d40a29e6de4d9bc08aa444eea14122 SHA512 fc40551b83c98cf81a3a7728c8b143a4d8b98251e8caccf5391397639aacb631ff57427c8207a3f9c86f0a5cb212edaf3ed0d9d92ab085d3387097b99326ff69 WHIRLPOOL 8da4c8a7578abad39f073b4f034bf328e896b51f62d25ad8280c67334e190c1277d988803e9ce169b7e3e1170bbd49dee8f1e2b1cb0f39460e77da568ab75bf0
-DIST nginx-1.11.6.tar.gz 960331 SHA256 3153abbb518e2d9c032e1b127da3dc0028ad36cd4679e5f3be0b8afa33bc85bd SHA512 1969f527d4554a976d14e82c2297c519a0d0d82a9fbd3cc703ab42a23067c7fcf101ddf16f1abff374c71f37969fd7c58d2a344c57566538b821acc32cd3d979 WHIRLPOOL 67ed24c25b20f6d94f3a0602946f750b4efafd79d3a093a35fdf370a20377abcc2a54c00fcd5e7bc54305515da9234fb2f192c744a7fb59c4bbdee2ba0c0f626
-DIST nginx-1.11.8.tar.gz 964918 SHA256 53aef3715d79015314c2dcb18f2b185a0c64368cc01b30bdf0737a215f666b34 SHA512 4bbecf17579022cc925af8808554983c57e4f438edc8f987751413f0a023267a4766edc8321cbbe8a8b675f7e86d8a2cba76bd52236c8d9509b2b301ab349ffa WHIRLPOOL a30ad4cdc0b74e0f860938942caeee961759ceabae8735725a989db29702b366fb285079a992cbc681ec3fd157ef6f8907f6a3eac13a8af302daad94ca867738
-DIST nginx-1.11.9.tar.gz 965463 SHA256 dc22b71f16b551705930544dc042f1ad1af2f9715f565187ec22c7a4b2625748 SHA512 95247d5db3e23a0ea22686cc3fe4295f8854948a6f168a783082fdbb2acbecdad61cd9c8cadd84c1f74c1e87becdca8d6664622ff9cebc72687f20b29cc09fd0 WHIRLPOOL 39a56073e359aac716e0a9ff672ee89b97205c281b53be97920c098aea9b25635e59a5ea0e3a7cb4ba79d43afc8ed3942cd34840773dd1e472101c9ab6ac72a4
 DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 SHA256 3c11c32f05da04f1a4647dc4e35dd8d8aeacd5a2e763ba349feba3dba8663132 SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92 WHIRLPOOL ad65e8182b2634db5fa06055ef7d91c7d8aabd0fa986d8402a4845977354d6edb329621b6f9f96c90ce2d158cff20e42ae50fba06a088a84de3e3f414205dbc2
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 SHA256 6f9102321d8c68df6d67e9bde145a8de3f45f99f6cb47c08735a86f003234d31 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529 WHIRLPOOL 38abe56e177e22dad68ac7d6570425ecd763d2e891627a75156a6f39bd7edc54f664c3d2f638e1ea57c743dadc6a8c9889be087abbdb4c98b5641c299f7fbc07
 DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 SHA256 88e05a99a8a7419066f5ae75966fb1efc409bad4522d14986da074554ae61619 SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 WHIRLPOOL 5f6ed4e6850d2ce7e8c65e0570a7e2c74a1fe360e167644ed405fff682ab178b09c722c99c1df9af552fb816219b9fc04dcdf638b3e4af68c688434cdb33aa59

diff --git a/www-servers/nginx/nginx-1.10.2-r3.ebuild b/www-servers/nginx/nginx-1.10.2-r3.ebuild
deleted file mode 100644
index cf55f356592..00000000000
--- a/www-servers/nginx/nginx-1.10.2-r3.ebuild
+++ /dev/null
@@ -1,988 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.32"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.1"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.7"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.1"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.10"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.60"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.17"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
-	rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM="access limit_conn upstream"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:mainline"
-DEPEND="${CDEPEND}
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}/check_1.9.2+".patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eapply "${FILESDIR}"/http_security-pr_1158.patch
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_memc; then
-		cd "${HTTP_MEMC_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_memc-0.17-issue_26.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use ipv6      && myconf+=( --with-ipv6 )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			# Treat stream upstream slightly differently
-			if ! use nginx_modules_stream_upstream; then
-				myconf+=( --without-stream_upstream_hash_module )
-				myconf+=( --without-stream_upstream_least_conn_module )
-				myconf+=( --without-stream_upstream_zone_module )
-			else
-				myconf+=( --without-stream_${mod}_module )
-			fi
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.11.6-r1.ebuild b/www-servers/nginx/nginx-1.11.6-r1.ebuild
deleted file mode 100644
index 688728d104b..00000000000
--- a/www-servers/nginx/nginx-1.11.6-r1.ebuild
+++ /dev/null
@@ -1,1001 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.32"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.1"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.7"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.1"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.10"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.60"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.17"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
-	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
-	upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_upstream_check; then
-		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eapply "${FILESDIR}"/http_security-pr_1158.patch
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_memc; then
-		cd "${HTTP_MEMC_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_memc-0.17-issue_26.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.11.8.ebuild b/www-servers/nginx/nginx-1.11.8.ebuild
deleted file mode 100644
index 688728d104b..00000000000
--- a/www-servers/nginx/nginx-1.11.8.ebuild
+++ /dev/null
@@ -1,1001 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.32"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.1"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.7"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.1"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.10"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.60"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.17"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
-	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
-	upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_upstream_check; then
-		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eapply "${FILESDIR}"/http_security-pr_1158.patch
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_memc; then
-		cd "${HTTP_MEMC_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_memc-0.17-issue_26.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.11.9.ebuild b/www-servers/nginx/nginx-1.11.9.ebuild
deleted file mode 100644
index 688728d104b..00000000000
--- a/www-servers/nginx/nginx-1.11.9.ebuild
+++ /dev/null
@@ -1,1001 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.32"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.1"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.7"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.1"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.10"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.60"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.17"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
-	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
-	upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_upstream_check; then
-		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eapply "${FILESDIR}"/http_security-pr_1158.patch
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_memc; then
-		cd "${HTTP_MEMC_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_memc-0.17-issue_26.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     81ea3aa6596233070d7bfcafdc704ec5ebf32379
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Apr 14 10:51:05 2017 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Apr 14 10:51:38 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=81ea3aa6

www-servers/nginx: Bumped to v1.12.0 stable

Ebuild changes:
===============
 - HTTP LUA module bumped to v0.10.8
   Warning: While the module now builds against nginx-1.11.11+ the author
            warns that >=nginx-1.11.11 is still not an officially
            supported target for that module. You are on your own!

 - RTMP module bumped to v1.1.11

 - HTTP memc module bumped to v0.18

 - HTTP NAXSI module bumped to v0.55.3

 - New upstream stream modules

Package-Manager: Portage-2.3.5, Repoman-2.3.2

 www-servers/nginx/Manifest            |    1 +
 www-servers/nginx/nginx-1.12.0.ebuild | 1015 +++++++++++++++++++++++++++++++++
 2 files changed, 1016 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 06b177149bf..c9882c2e17c 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,6 +2,7 @@ DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc18
 DIST nginx-1.10.3.tar.gz 911509 SHA256 75020f1364cac459cb733c4e1caed2d00376e40ea05588fb8793076a4c69dd90 SHA512 25cddbe5c419700aeca41bff3be5b7c3accfb38ad846ec8d91d81ab7c15f10db719f02d9263edf1fa12f59805ff7001b62864dc2885370b24afeea1d7d2afbbf WHIRLPOOL 1ebf540d49d28a853a9221a558b53d28e2e7dfddf345e433baa4c2b819f6e1fe34528b4680387147c73271d3837529a4452e53b863dff5d29772c2b0a75e0ba6
 DIST nginx-1.11.10.tar.gz 967773 SHA256 778b3cabb07633f754cd9dee32fc8e22582bce22bfa407be76a806abd935533d SHA512 b6437d8305547a834a0f3ad076ac591b90189eb922f48759094efaa9618e39fc249600ab13650113fe841fc9af0b736acc61a9b9baba7bacd35224c34df1bbc9 WHIRLPOOL f9535d4fabad7603cc384dda13aca51be77c7901d099190f9d5a187e517128a56a28cb851408b93091f8d99ce118678857ec08fba16bec4c2e2ed2d75ab543bd
 DIST nginx-1.11.13.tar.gz 980784 SHA256 360b601ef8ed2998c80fa56a27bf3cd745c3ce18c5fb10892e6595467b1415d3 SHA512 6546a1d96e5234c9512217559c22bc4be0e5f793d6082a9a3acaa1724c91c656b36a976cb452195b256915dc0d21fd433f539cd6c06d73c8dbb0233220d54fa8 WHIRLPOOL 53b3e0b8767ea93d4a3daaf5cfcd489dd83d9f60f53f985c677dfb328b7e6aee13114290bed22b268bca12d2e63fbb142b2357ef7dd8166e8da9eac4c931289a
+DIST nginx-1.12.0.tar.gz 980831 SHA256 b4222e26fdb620a8d3c3a3a8b955e08b713672e1bc5198d1e4f462308a795b30 SHA512 e2e930b61491d91090090d4716740895fc7812e8e266c427ac2b40c5a70493150e5c81e769c6b7563baf5f0e15b32fae8f2b11fd5699e468e1cc40706defb8ee WHIRLPOOL 0f4819cccd965837f1dcc5217de6c98cfd2d83e406fedb4840096d8ccacaac77767ae02551f2f927f2dc4a9413944206d8a26cf8eff8e425a53ba0ce425c5657
 DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 SHA256 3c11c32f05da04f1a4647dc4e35dd8d8aeacd5a2e763ba349feba3dba8663132 SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92 WHIRLPOOL ad65e8182b2634db5fa06055ef7d91c7d8aabd0fa986d8402a4845977354d6edb329621b6f9f96c90ce2d158cff20e42ae50fba06a088a84de3e3f414205dbc2
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 SHA256 6f9102321d8c68df6d67e9bde145a8de3f45f99f6cb47c08735a86f003234d31 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529 WHIRLPOOL 38abe56e177e22dad68ac7d6570425ecd763d2e891627a75156a6f39bd7edc54f664c3d2f638e1ea57c743dadc6a8c9889be087abbdb4c98b5641c299f7fbc07
 DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 SHA256 88e05a99a8a7419066f5ae75966fb1efc409bad4522d14986da074554ae61619 SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 WHIRLPOOL 5f6ed4e6850d2ce7e8c65e0570a7e2c74a1fe360e167644ed405fff682ab178b09c722c99c1df9af552fb816219b9fc04dcdf638b3e4af68c688434cdb33aa59

diff --git a/www-servers/nginx/nginx-1.12.0.ebuild b/www-servers/nginx/nginx-1.12.0.ebuild
new file mode 100644
index 00000000000..a28bc1a098f
--- /dev/null
+++ b/www-servers/nginx/nginx-1.12.0.ebuild
@@ -0,0 +1,1015 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.32"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.1"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.8"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.11"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.60"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.18"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
+	upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_mogilefs
+	http_memc
+	http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_echo; then
+		cd "${HTTP_ECHO_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_echo-nginx-1.11.11+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_lua; then
+		cd "${HTTP_LUA_MODULE_WD}" || die
+		eapply -p1 "${FILESDIR}"/http_lua_nginx-1.11.11+-r1.patch
+		cd "${S}" || die
+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eapply "${FILESDIR}"/http_security-pr_1158.patch
+		eapply "${FILESDIR}"/http_security-pr_1373.patch
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     2e2758a67d46e090851d37e6da1ac1a098f41d93
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 26 08:25:38 2017 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Apr 26 08:26:04 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2e2758a6

www-servers/nginx: Bump to v1.13.0 mainline

Package-Manager: Portage-2.3.5, Repoman-2.3.2

 www-servers/nginx/Manifest            |    1 +
 www-servers/nginx/nginx-1.13.0.ebuild | 1015 +++++++++++++++++++++++++++++++++
 2 files changed, 1016 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index c9882c2e17c..35eac0ca792 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -3,6 +3,7 @@ DIST nginx-1.10.3.tar.gz 911509 SHA256 75020f1364cac459cb733c4e1caed2d00376e40ea
 DIST nginx-1.11.10.tar.gz 967773 SHA256 778b3cabb07633f754cd9dee32fc8e22582bce22bfa407be76a806abd935533d SHA512 b6437d8305547a834a0f3ad076ac591b90189eb922f48759094efaa9618e39fc249600ab13650113fe841fc9af0b736acc61a9b9baba7bacd35224c34df1bbc9 WHIRLPOOL f9535d4fabad7603cc384dda13aca51be77c7901d099190f9d5a187e517128a56a28cb851408b93091f8d99ce118678857ec08fba16bec4c2e2ed2d75ab543bd
 DIST nginx-1.11.13.tar.gz 980784 SHA256 360b601ef8ed2998c80fa56a27bf3cd745c3ce18c5fb10892e6595467b1415d3 SHA512 6546a1d96e5234c9512217559c22bc4be0e5f793d6082a9a3acaa1724c91c656b36a976cb452195b256915dc0d21fd433f539cd6c06d73c8dbb0233220d54fa8 WHIRLPOOL 53b3e0b8767ea93d4a3daaf5cfcd489dd83d9f60f53f985c677dfb328b7e6aee13114290bed22b268bca12d2e63fbb142b2357ef7dd8166e8da9eac4c931289a
 DIST nginx-1.12.0.tar.gz 980831 SHA256 b4222e26fdb620a8d3c3a3a8b955e08b713672e1bc5198d1e4f462308a795b30 SHA512 e2e930b61491d91090090d4716740895fc7812e8e266c427ac2b40c5a70493150e5c81e769c6b7563baf5f0e15b32fae8f2b11fd5699e468e1cc40706defb8ee WHIRLPOOL 0f4819cccd965837f1dcc5217de6c98cfd2d83e406fedb4840096d8ccacaac77767ae02551f2f927f2dc4a9413944206d8a26cf8eff8e425a53ba0ce425c5657
+DIST nginx-1.13.0.tar.gz 982592 SHA256 79f52ab6550f854e14439369808105b5780079769d7b8db3856be03c683605d7 SHA512 54745876db546cc4d42ef048159bf6f9584278989f03e7e3451597eacbaad7713f9bf9bf93fc540a1be13380281d499f4aa4f27dcdfd3e860bc1203c9cde314b WHIRLPOOL 535f646b1da1193d1d40ae6e2fda12ab6480f863d98f7e35cccc8f561e96acb28255a1f44996ac3865236a664622e8dba2afd1d6219806d1c0765ee1a53e5df9
 DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 SHA256 3c11c32f05da04f1a4647dc4e35dd8d8aeacd5a2e763ba349feba3dba8663132 SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92 WHIRLPOOL ad65e8182b2634db5fa06055ef7d91c7d8aabd0fa986d8402a4845977354d6edb329621b6f9f96c90ce2d158cff20e42ae50fba06a088a84de3e3f414205dbc2
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 SHA256 6f9102321d8c68df6d67e9bde145a8de3f45f99f6cb47c08735a86f003234d31 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529 WHIRLPOOL 38abe56e177e22dad68ac7d6570425ecd763d2e891627a75156a6f39bd7edc54f664c3d2f638e1ea57c743dadc6a8c9889be087abbdb4c98b5641c299f7fbc07
 DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 SHA256 88e05a99a8a7419066f5ae75966fb1efc409bad4522d14986da074554ae61619 SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 WHIRLPOOL 5f6ed4e6850d2ce7e8c65e0570a7e2c74a1fe360e167644ed405fff682ab178b09c722c99c1df9af552fb816219b9fc04dcdf638b3e4af68c688434cdb33aa59

diff --git a/www-servers/nginx/nginx-1.13.0.ebuild b/www-servers/nginx/nginx-1.13.0.ebuild
new file mode 100644
index 00000000000..cb4c774f1aa
--- /dev/null
+++ b/www-servers/nginx/nginx-1.13.0.ebuild
@@ -0,0 +1,1015 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.32"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.1"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.8"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.11"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.60"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.18"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
+	upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_mogilefs
+	http_memc
+	http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_echo; then
+		cd "${HTTP_ECHO_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_echo-nginx-1.11.11+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_lua; then
+		cd "${HTTP_LUA_MODULE_WD}" || die
+		eapply -p1 "${FILESDIR}"/http_lua_nginx-1.11.11+-r1.patch
+		cd "${S}" || die
+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eapply "${FILESDIR}"/http_security-pr_1158.patch
+		eapply "${FILESDIR}"/http_security-pr_1373.patch
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     c3bb326a6265e020e6e01d798714faf0bf58edd1
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue May 30 15:42:08 2017 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue May 30 15:42:29 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c3bb326a

www-servers/nginx: Bump to v1.13.1 mainline

Package-Manager: Portage-2.3.5, Repoman-2.3.2

 www-servers/nginx/Manifest            |    1 +
 www-servers/nginx/nginx-1.13.1.ebuild | 1015 +++++++++++++++++++++++++++++++++
 2 files changed, 1016 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 35eac0ca792..594430bbaff 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -4,6 +4,7 @@ DIST nginx-1.11.10.tar.gz 967773 SHA256 778b3cabb07633f754cd9dee32fc8e22582bce22
 DIST nginx-1.11.13.tar.gz 980784 SHA256 360b601ef8ed2998c80fa56a27bf3cd745c3ce18c5fb10892e6595467b1415d3 SHA512 6546a1d96e5234c9512217559c22bc4be0e5f793d6082a9a3acaa1724c91c656b36a976cb452195b256915dc0d21fd433f539cd6c06d73c8dbb0233220d54fa8 WHIRLPOOL 53b3e0b8767ea93d4a3daaf5cfcd489dd83d9f60f53f985c677dfb328b7e6aee13114290bed22b268bca12d2e63fbb142b2357ef7dd8166e8da9eac4c931289a
 DIST nginx-1.12.0.tar.gz 980831 SHA256 b4222e26fdb620a8d3c3a3a8b955e08b713672e1bc5198d1e4f462308a795b30 SHA512 e2e930b61491d91090090d4716740895fc7812e8e266c427ac2b40c5a70493150e5c81e769c6b7563baf5f0e15b32fae8f2b11fd5699e468e1cc40706defb8ee WHIRLPOOL 0f4819cccd965837f1dcc5217de6c98cfd2d83e406fedb4840096d8ccacaac77767ae02551f2f927f2dc4a9413944206d8a26cf8eff8e425a53ba0ce425c5657
 DIST nginx-1.13.0.tar.gz 982592 SHA256 79f52ab6550f854e14439369808105b5780079769d7b8db3856be03c683605d7 SHA512 54745876db546cc4d42ef048159bf6f9584278989f03e7e3451597eacbaad7713f9bf9bf93fc540a1be13380281d499f4aa4f27dcdfd3e860bc1203c9cde314b WHIRLPOOL 535f646b1da1193d1d40ae6e2fda12ab6480f863d98f7e35cccc8f561e96acb28255a1f44996ac3865236a664622e8dba2afd1d6219806d1c0765ee1a53e5df9
+DIST nginx-1.13.1.tar.gz 984142 SHA256 a5856c72a6609a4dc68c88a7f3c33b79e6693343b62952e021e043fe347b6776 SHA512 09ed3aa700965061d70edef732fccb2e32b9ace9eedbd86c8ad8d152748caf2d779ba2b06c3108ca0ad32f16e1a2e3551dbd1dc123c7dc1b64d672357dbd97ea WHIRLPOOL a5684393746e44777a1b8aa69de607c9cc6ebf227fac122a70b12888931939d992ffbc2bbfa44f063b69e1e8c06cdb15289c2d9ac0a1301f57aca1b1d3686e87
 DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 SHA256 3c11c32f05da04f1a4647dc4e35dd8d8aeacd5a2e763ba349feba3dba8663132 SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92 WHIRLPOOL ad65e8182b2634db5fa06055ef7d91c7d8aabd0fa986d8402a4845977354d6edb329621b6f9f96c90ce2d158cff20e42ae50fba06a088a84de3e3f414205dbc2
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 SHA256 6f9102321d8c68df6d67e9bde145a8de3f45f99f6cb47c08735a86f003234d31 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529 WHIRLPOOL 38abe56e177e22dad68ac7d6570425ecd763d2e891627a75156a6f39bd7edc54f664c3d2f638e1ea57c743dadc6a8c9889be087abbdb4c98b5641c299f7fbc07
 DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 SHA256 88e05a99a8a7419066f5ae75966fb1efc409bad4522d14986da074554ae61619 SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 WHIRLPOOL 5f6ed4e6850d2ce7e8c65e0570a7e2c74a1fe360e167644ed405fff682ab178b09c722c99c1df9af552fb816219b9fc04dcdf638b3e4af68c688434cdb33aa59

diff --git a/www-servers/nginx/nginx-1.13.1.ebuild b/www-servers/nginx/nginx-1.13.1.ebuild
new file mode 100644
index 00000000000..cb4c774f1aa
--- /dev/null
+++ b/www-servers/nginx/nginx-1.13.1.ebuild
@@ -0,0 +1,1015 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.32"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.1"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.8"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.11"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.60"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.18"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
+	upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_mogilefs
+	http_memc
+	http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_echo; then
+		cd "${HTTP_ECHO_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_echo-nginx-1.11.11+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_lua; then
+		cd "${HTTP_LUA_MODULE_WD}" || die
+		eapply -p1 "${FILESDIR}"/http_lua_nginx-1.11.11+-r1.patch
+		cd "${S}" || die
+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eapply "${FILESDIR}"/http_security-pr_1158.patch
+		eapply "${FILESDIR}"/http_security-pr_1373.patch
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     f8e7e47c9fa8ee8727b9f06277ec5a076aced0bf
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 27 16:38:43 2017 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Jun 27 16:38:57 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f8e7e47c

www-servers/nginx: Bump to v1.13.2 mainline

Package-Manager: Portage-2.3.5, Repoman-2.3.2

 www-servers/nginx/Manifest            |    1 +
 www-servers/nginx/nginx-1.13.2.ebuild | 1015 +++++++++++++++++++++++++++++++++
 2 files changed, 1016 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 594430bbaff..8650aa4f9ae 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -5,6 +5,7 @@ DIST nginx-1.11.13.tar.gz 980784 SHA256 360b601ef8ed2998c80fa56a27bf3cd745c3ce18
 DIST nginx-1.12.0.tar.gz 980831 SHA256 b4222e26fdb620a8d3c3a3a8b955e08b713672e1bc5198d1e4f462308a795b30 SHA512 e2e930b61491d91090090d4716740895fc7812e8e266c427ac2b40c5a70493150e5c81e769c6b7563baf5f0e15b32fae8f2b11fd5699e468e1cc40706defb8ee WHIRLPOOL 0f4819cccd965837f1dcc5217de6c98cfd2d83e406fedb4840096d8ccacaac77767ae02551f2f927f2dc4a9413944206d8a26cf8eff8e425a53ba0ce425c5657
 DIST nginx-1.13.0.tar.gz 982592 SHA256 79f52ab6550f854e14439369808105b5780079769d7b8db3856be03c683605d7 SHA512 54745876db546cc4d42ef048159bf6f9584278989f03e7e3451597eacbaad7713f9bf9bf93fc540a1be13380281d499f4aa4f27dcdfd3e860bc1203c9cde314b WHIRLPOOL 535f646b1da1193d1d40ae6e2fda12ab6480f863d98f7e35cccc8f561e96acb28255a1f44996ac3865236a664622e8dba2afd1d6219806d1c0765ee1a53e5df9
 DIST nginx-1.13.1.tar.gz 984142 SHA256 a5856c72a6609a4dc68c88a7f3c33b79e6693343b62952e021e043fe347b6776 SHA512 09ed3aa700965061d70edef732fccb2e32b9ace9eedbd86c8ad8d152748caf2d779ba2b06c3108ca0ad32f16e1a2e3551dbd1dc123c7dc1b64d672357dbd97ea WHIRLPOOL a5684393746e44777a1b8aa69de607c9cc6ebf227fac122a70b12888931939d992ffbc2bbfa44f063b69e1e8c06cdb15289c2d9ac0a1301f57aca1b1d3686e87
+DIST nginx-1.13.2.tar.gz 985802 SHA256 d77f234d14989d273a363f570e1d892395c006fef2ec04789be90f41a1919b70 SHA512 b07a0a6e8201979dbcec5ecdec9dd1210f35d5e861ff149b3a59f7d1d36f15ec195ef41c6d82a3bf618e9f044dbae06bb45d7f0369574cde97bd74b750dea905 WHIRLPOOL 46de82a5554a78249079a200720ec6184ff2e52a5609c12e365bdbc7f052486c3991eee3fac8bab71d75068e132a2eb112b4a99211a6365d991273a44e5d8ec2
 DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 SHA256 3c11c32f05da04f1a4647dc4e35dd8d8aeacd5a2e763ba349feba3dba8663132 SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92 WHIRLPOOL ad65e8182b2634db5fa06055ef7d91c7d8aabd0fa986d8402a4845977354d6edb329621b6f9f96c90ce2d158cff20e42ae50fba06a088a84de3e3f414205dbc2
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 SHA256 6f9102321d8c68df6d67e9bde145a8de3f45f99f6cb47c08735a86f003234d31 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529 WHIRLPOOL 38abe56e177e22dad68ac7d6570425ecd763d2e891627a75156a6f39bd7edc54f664c3d2f638e1ea57c743dadc6a8c9889be087abbdb4c98b5641c299f7fbc07
 DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 SHA256 88e05a99a8a7419066f5ae75966fb1efc409bad4522d14986da074554ae61619 SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 WHIRLPOOL 5f6ed4e6850d2ce7e8c65e0570a7e2c74a1fe360e167644ed405fff682ab178b09c722c99c1df9af552fb816219b9fc04dcdf638b3e4af68c688434cdb33aa59

diff --git a/www-servers/nginx/nginx-1.13.2.ebuild b/www-servers/nginx/nginx-1.13.2.ebuild
new file mode 100644
index 00000000000..cb4c774f1aa
--- /dev/null
+++ b/www-servers/nginx/nginx-1.13.2.ebuild
@@ -0,0 +1,1015 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.32"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.1"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.8"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.11"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.60"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.18"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
+	upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_mogilefs
+	http_memc
+	http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_echo; then
+		cd "${HTTP_ECHO_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_echo-nginx-1.11.11+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_lua; then
+		cd "${HTTP_LUA_MODULE_WD}" || die
+		eapply -p1 "${FILESDIR}"/http_lua_nginx-1.11.11+-r1.patch
+		cd "${S}" || die
+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eapply "${FILESDIR}"/http_security-pr_1158.patch
+		eapply "${FILESDIR}"/http_security-pr_1373.patch
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     d195ea6ec9933d558fecdfb30edebca2ea413c13
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Jul 11 16:28:36 2017 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Jul 11 16:28:55 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d195ea6e

www-servers/nginx: Security bump for CVE-2017-7529 (bug #624552)

Package-Manager: Portage-2.3.5, Repoman-2.3.2

 www-servers/nginx/Manifest            |    3 +
 www-servers/nginx/nginx-1.12.1.ebuild | 1015 +++++++++++++++++++++++++++++++++
 www-servers/nginx/nginx-1.13.3.ebuild | 1015 +++++++++++++++++++++++++++++++++
 3 files changed, 2033 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 8650aa4f9ae..b4746ce02a1 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -3,9 +3,11 @@ DIST nginx-1.10.3.tar.gz 911509 SHA256 75020f1364cac459cb733c4e1caed2d00376e40ea
 DIST nginx-1.11.10.tar.gz 967773 SHA256 778b3cabb07633f754cd9dee32fc8e22582bce22bfa407be76a806abd935533d SHA512 b6437d8305547a834a0f3ad076ac591b90189eb922f48759094efaa9618e39fc249600ab13650113fe841fc9af0b736acc61a9b9baba7bacd35224c34df1bbc9 WHIRLPOOL f9535d4fabad7603cc384dda13aca51be77c7901d099190f9d5a187e517128a56a28cb851408b93091f8d99ce118678857ec08fba16bec4c2e2ed2d75ab543bd
 DIST nginx-1.11.13.tar.gz 980784 SHA256 360b601ef8ed2998c80fa56a27bf3cd745c3ce18c5fb10892e6595467b1415d3 SHA512 6546a1d96e5234c9512217559c22bc4be0e5f793d6082a9a3acaa1724c91c656b36a976cb452195b256915dc0d21fd433f539cd6c06d73c8dbb0233220d54fa8 WHIRLPOOL 53b3e0b8767ea93d4a3daaf5cfcd489dd83d9f60f53f985c677dfb328b7e6aee13114290bed22b268bca12d2e63fbb142b2357ef7dd8166e8da9eac4c931289a
 DIST nginx-1.12.0.tar.gz 980831 SHA256 b4222e26fdb620a8d3c3a3a8b955e08b713672e1bc5198d1e4f462308a795b30 SHA512 e2e930b61491d91090090d4716740895fc7812e8e266c427ac2b40c5a70493150e5c81e769c6b7563baf5f0e15b32fae8f2b11fd5699e468e1cc40706defb8ee WHIRLPOOL 0f4819cccd965837f1dcc5217de6c98cfd2d83e406fedb4840096d8ccacaac77767ae02551f2f927f2dc4a9413944206d8a26cf8eff8e425a53ba0ce425c5657
+DIST nginx-1.12.1.tar.gz 981093 SHA256 8793bf426485a30f91021b6b945a9fd8a84d87d17b566562c3797aba8fac76fb SHA512 3a2ad2a559b366dda92dd58c0fe40ee84dd60a3eaf72071454110e032c3e9a03f2a63b28fe3a615b527950521eeb533c687a2cc4c87524e1d8f3a0a5f043fdb6 WHIRLPOOL 17e91044636839f0c8c476879227f2de1633679199787157e5ed47c306dcb9597646c5be96957d51e38d96ddbb0346ec9f72b87c37023e19e572fa404ef0fd1f
 DIST nginx-1.13.0.tar.gz 982592 SHA256 79f52ab6550f854e14439369808105b5780079769d7b8db3856be03c683605d7 SHA512 54745876db546cc4d42ef048159bf6f9584278989f03e7e3451597eacbaad7713f9bf9bf93fc540a1be13380281d499f4aa4f27dcdfd3e860bc1203c9cde314b WHIRLPOOL 535f646b1da1193d1d40ae6e2fda12ab6480f863d98f7e35cccc8f561e96acb28255a1f44996ac3865236a664622e8dba2afd1d6219806d1c0765ee1a53e5df9
 DIST nginx-1.13.1.tar.gz 984142 SHA256 a5856c72a6609a4dc68c88a7f3c33b79e6693343b62952e021e043fe347b6776 SHA512 09ed3aa700965061d70edef732fccb2e32b9ace9eedbd86c8ad8d152748caf2d779ba2b06c3108ca0ad32f16e1a2e3551dbd1dc123c7dc1b64d672357dbd97ea WHIRLPOOL a5684393746e44777a1b8aa69de607c9cc6ebf227fac122a70b12888931939d992ffbc2bbfa44f063b69e1e8c06cdb15289c2d9ac0a1301f57aca1b1d3686e87
 DIST nginx-1.13.2.tar.gz 985802 SHA256 d77f234d14989d273a363f570e1d892395c006fef2ec04789be90f41a1919b70 SHA512 b07a0a6e8201979dbcec5ecdec9dd1210f35d5e861ff149b3a59f7d1d36f15ec195ef41c6d82a3bf618e9f044dbae06bb45d7f0369574cde97bd74b750dea905 WHIRLPOOL 46de82a5554a78249079a200720ec6184ff2e52a5609c12e365bdbc7f052486c3991eee3fac8bab71d75068e132a2eb112b4a99211a6365d991273a44e5d8ec2
+DIST nginx-1.13.3.tar.gz 985931 SHA256 5b73f98004c302fb8e4a172abf046d9ce77739a82487e4873b39f9b0dcbb0d72 SHA512 4a8924b1edd0b8476437680ea548a0bc983d360e73f2d5797f60cebc3ef7d6fb64e56b6aaf5a4fc1707d24519dc70d466a7bf1d336c463651928d65c2f7b5380 WHIRLPOOL 9cb1f77a60945d9c1df6e2589116406f31939882131759d3aa95b25edfe86bc5fe712a517a3b0f77a5fca2b3706884984b90e293a4e791faa824bbf0e964518e
 DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 SHA256 3c11c32f05da04f1a4647dc4e35dd8d8aeacd5a2e763ba349feba3dba8663132 SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92 WHIRLPOOL ad65e8182b2634db5fa06055ef7d91c7d8aabd0fa986d8402a4845977354d6edb329621b6f9f96c90ce2d158cff20e42ae50fba06a088a84de3e3f414205dbc2
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 SHA256 6f9102321d8c68df6d67e9bde145a8de3f45f99f6cb47c08735a86f003234d31 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529 WHIRLPOOL 38abe56e177e22dad68ac7d6570425ecd763d2e891627a75156a6f39bd7edc54f664c3d2f638e1ea57c743dadc6a8c9889be087abbdb4c98b5641c299f7fbc07
 DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 SHA256 88e05a99a8a7419066f5ae75966fb1efc409bad4522d14986da074554ae61619 SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 WHIRLPOOL 5f6ed4e6850d2ce7e8c65e0570a7e2c74a1fe360e167644ed405fff682ab178b09c722c99c1df9af552fb816219b9fc04dcdf638b3e4af68c688434cdb33aa59
@@ -29,3 +31,4 @@ DIST ngx_metrics-0.1.1.tar.gz 2964 SHA256 1c62ebb31e3caafad91720962770b0e7a4287f
 DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 SHA256 7ac230d30907f013dff8d435a118619ea6168aa3714dba62c6962d350c6295ae SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1 WHIRLPOOL 64c9b11ad938e6dbe5ba31298f1cd46f6e6bb4ba039c96b1e43bd85919d1606326f74b677f789ecabe0b0f4e0f08ac5aaf8148bf820de65aaa1e9966a28b9f61
 DIST ngx_rtmp-1.1.10.tar.gz 519877 SHA256 f9491dd24390b0d5d70dfe3553edf3d14efeb7c7a81b4d4a20c5cfeaefc1141c SHA512 bcc0aee3308af7c61bf01a5530fcf1dae938e6778306f6e3eb5995e6d0529f43d33b7ee2acb813d5a39acc92e4853d207a01e8e41b766a6e0dd07aade60cd98f WHIRLPOOL 655f4dcb02f928698ae14d29e5b7f60ad3fd71c757d67f1930c695a3501054d124a92f7ada7d4e605204f1e73e0779cad0b60102bc98d64764535581db0b1867
 DIST ngx_rtmp-1.1.11.tar.gz 519988 SHA256 71e8a0b42a41d1cb5ab1b9a8793f0e479e31fa9b59c4c6f5665df41cebf09e2b SHA512 e7c897265d1e93b06f7e46a653b113e24d2451e2112a7a6da415f130928437444a0346832fd9c10042397fea6120e4e44acc2bccf649ec30ca5bffbf985672e2 WHIRLPOOL a9799368dbfdc18d396b8b3abfe5582783c912fec1f3b0d8ce9444e1e0549c63eec9586a18adda1a323a86a4af09ae43051335545cd27e1b5dcb15bb25e1dac9
+DIST ngx_rtmp-1.2.0.tar.gz 519895 SHA256 a8026f5ade30b178a06f12c46dff053cfe12256016ad465a46646183086b16b0 SHA512 8965d9bee91a46375516ccd012d1c43cd23f15c0630d11ed01472b9a84504574b476f22c5584f43c972a8f923e9ae025b9b60c64aace0ed159c7279bcbd376c8 WHIRLPOOL ea18f30cac7310a9b9be92178266afab5403f9e2e52cf89142c3c8bd20c05b12390ae90bdb50ceabef7ba869ef95502fee2f046716daea95de10527acba826c8

diff --git a/www-servers/nginx/nginx-1.12.1.ebuild b/www-servers/nginx/nginx-1.12.1.ebuild
new file mode 100644
index 00000000000..96bc9f71ba2
--- /dev/null
+++ b/www-servers/nginx/nginx-1.12.1.ebuild
@@ -0,0 +1,1015 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.32"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.1"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.8"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.0"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.60"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.18"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
+	upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_mogilefs
+	http_memc
+	http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_echo; then
+		cd "${HTTP_ECHO_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_echo-nginx-1.11.11+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_lua; then
+		cd "${HTTP_LUA_MODULE_WD}" || die
+		eapply -p1 "${FILESDIR}"/http_lua_nginx-1.11.11+-r1.patch
+		cd "${S}" || die
+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eapply "${FILESDIR}"/http_security-pr_1158.patch
+		eapply "${FILESDIR}"/http_security-pr_1373.patch
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

diff --git a/www-servers/nginx/nginx-1.13.3.ebuild b/www-servers/nginx/nginx-1.13.3.ebuild
new file mode 100644
index 00000000000..95f97cf6a40
--- /dev/null
+++ b/www-servers/nginx/nginx-1.13.3.ebuild
@@ -0,0 +1,1015 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.32"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.1"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.8"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.0"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.60"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.18"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
+	upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_mogilefs
+	http_memc
+	http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_echo; then
+		cd "${HTTP_ECHO_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_echo-nginx-1.11.11+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_lua; then
+		cd "${HTTP_LUA_MODULE_WD}" || die
+		eapply -p1 "${FILESDIR}"/http_lua_nginx-1.11.11+-r1.patch
+		cd "${S}" || die
+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eapply "${FILESDIR}"/http_security-pr_1158.patch
+		eapply "${FILESDIR}"/http_security-pr_1373.patch
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Agostino Sarubbo]

commit:     786c022fa856eff25a9033954b7b322138ed8b52
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Jul 12 08:17:02 2017 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Jul 12 08:17:02 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=786c022f

www-servers/nginx: amd64 stable wrt bug #624552

Package-Manager: Portage-2.3.6, Repoman-2.3.1
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 www-servers/nginx/nginx-1.12.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www-servers/nginx/nginx-1.12.1.ebuild b/www-servers/nginx/nginx-1.12.1.ebuild
index 96bc9f71ba2..86ba9b40d49 100644
--- a/www-servers/nginx/nginx-1.12.1.ebuild
+++ b/www-servers/nginx/nginx-1.12.1.ebuild
@@ -172,7 +172,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
 	nginx_modules_http_push_stream? ( GPL-3 )"
 
 SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
 
 # Package doesn't provide a real test suite
 RESTRICT="test"

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Agostino Sarubbo]

commit:     7cdfe1b048245a0b7f01edd5bed09f9f5168d984
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Jul 12 08:18:13 2017 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Jul 12 08:18:13 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7cdfe1b0

www-servers/nginx: x86 stable wrt bug #624552

Package-Manager: Portage-2.3.6, Repoman-2.3.1
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 www-servers/nginx/nginx-1.12.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www-servers/nginx/nginx-1.12.1.ebuild b/www-servers/nginx/nginx-1.12.1.ebuild
index 86ba9b40d49..5c7b643f437 100644
--- a/www-servers/nginx/nginx-1.12.1.ebuild
+++ b/www-servers/nginx/nginx-1.12.1.ebuild
@@ -172,7 +172,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
 	nginx_modules_http_push_stream? ( GPL-3 )"
 
 SLOT="0"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc x86 ~x86-fbsd ~amd64-linux ~x86-linux"
 
 # Package doesn't provide a real test suite
 RESTRICT="test"

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     e4edc7bc232ba2f0c722e7077ce79a994237901c
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Sep  5 16:50:22 2017 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Sep  5 16:50:22 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e4edc7bc

www-servers/nginx: Bump to v1.13.5 mainline

Ebuild changes:
===============
 - fancyindex module bumped to v0.4.2

Package-Manager: Portage-2.3.8, Repoman-2.3.3

 www-servers/nginx/Manifest            |    2 +
 www-servers/nginx/nginx-1.13.5.ebuild | 1000 +++++++++++++++++++++++++++++++++
 2 files changed, 1002 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 2e2fa264bb0..965537cde43 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -3,6 +3,7 @@ DIST modsecurity-2.9.2.tar.gz 4298993 SHA256 41a8f73476ec891f3a9e8736b98b64ea5c2
 DIST nginx-1.12.1.tar.gz 981093 SHA256 8793bf426485a30f91021b6b945a9fd8a84d87d17b566562c3797aba8fac76fb SHA512 3a2ad2a559b366dda92dd58c0fe40ee84dd60a3eaf72071454110e032c3e9a03f2a63b28fe3a615b527950521eeb533c687a2cc4c87524e1d8f3a0a5f043fdb6 WHIRLPOOL 17e91044636839f0c8c476879227f2de1633679199787157e5ed47c306dcb9597646c5be96957d51e38d96ddbb0346ec9f72b87c37023e19e572fa404ef0fd1f
 DIST nginx-1.13.3.tar.gz 985931 SHA256 5b73f98004c302fb8e4a172abf046d9ce77739a82487e4873b39f9b0dcbb0d72 SHA512 4a8924b1edd0b8476437680ea548a0bc983d360e73f2d5797f60cebc3ef7d6fb64e56b6aaf5a4fc1707d24519dc70d466a7bf1d336c463651928d65c2f7b5380 WHIRLPOOL 9cb1f77a60945d9c1df6e2589116406f31939882131759d3aa95b25edfe86bc5fe712a517a3b0f77a5fca2b3706884984b90e293a4e791faa824bbf0e964518e
 DIST nginx-1.13.4.tar.gz 988415 SHA256 de21f3c49ba65c611329d8759a63d72e5fcf719bc6f2a3270e2541348ef1fbba SHA512 068f59f0dfe68a9a20a141bf5416551bc758fe50a38b2576f0e1c9df2ec674c7348b151f3ce80b614ac20610bc85374be7cef69f95b925f4fde351716c1da740 WHIRLPOOL 333cf2542fef05a0709259e6c8ea363a2eaaade00e1e1f0f50df081af023826d452b7b5fd3e826a63cad1753949f469424723b0a9731a34418c06517e14d6f3a
+DIST nginx-1.13.5.tar.gz 988821 SHA256 0e75b94429b3f745377aeba3aff97da77bf2b03fcb9ff15b3bad9b038db29f2e SHA512 ffd0406a75a35da427522f58c9b710cde86acb1ebf48f4e6b7f6a44e04ccd83950fedc6dceed9e2ab5132e06559f3bf45935d5011fc436e7c2efd46ac1e86459 WHIRLPOOL 94703bff57b0c701709974748f07ba444143707ecfb98beb9ca0d30d66913cde07725f3ae82a44d5585709c35b0ff600eccab37f0b5df904b67cee8e2085207d
 DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 SHA256 3c11c32f05da04f1a4647dc4e35dd8d8aeacd5a2e763ba349feba3dba8663132 SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92 WHIRLPOOL ad65e8182b2634db5fa06055ef7d91c7d8aabd0fa986d8402a4845977354d6edb329621b6f9f96c90ce2d158cff20e42ae50fba06a088a84de3e3f414205dbc2
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 SHA256 6f9102321d8c68df6d67e9bde145a8de3f45f99f6cb47c08735a86f003234d31 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529 WHIRLPOOL 38abe56e177e22dad68ac7d6570425ecd763d2e891627a75156a6f39bd7edc54f664c3d2f638e1ea57c743dadc6a8c9889be087abbdb4c98b5641c299f7fbc07
 DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 SHA256 88e05a99a8a7419066f5ae75966fb1efc409bad4522d14986da074554ae61619 SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 WHIRLPOOL 5f6ed4e6850d2ce7e8c65e0570a7e2c74a1fe360e167644ed405fff682ab178b09c722c99c1df9af552fb816219b9fc04dcdf638b3e4af68c688434cdb33aa59
@@ -13,6 +14,7 @@ DIST ngx_http_dav_ext-0.1.0.tar.gz 6614 SHA256 6b004eed8ea16ad8de4d304027bf0413c
 DIST ngx_http_echo-0.60.tar.gz 52771 SHA256 1077da2229ac7d0a0215e9e6817e297c10697e095010d88f1adbd1add1ce9f4e SHA512 c455bee73cebd0752449472452d15614b9587ddd199263d366484ede890c4d108eacbbeaef31adc9dc7732b56ef2bfc73c0fef3366366db03a8ec3fdc27a985c WHIRLPOOL 8938ac18aae74a5c4806ff3611c243c9bee108ef93fef7b0da284040c2ec2d9a57cb3cad9e3719cb795bbb063176d7afe81b7288ebacf5096d26b16e5ef34da6
 DIST ngx_http_echo-0.61.tar.gz 53155 SHA256 2e6a03032555f5da1bdff2ae96c96486f447da3da37c117e0f964ae0753d22aa SHA512 c90b81a4e85a8e9beeb5ff591dc91adb25fa4e0b6cb47086b577e5fa36db2368442dd011187675e358781956c364b949bc4d920ca2b534481b21c9987d2a9a3b WHIRLPOOL 66c4103ce093afb15cd3ec8c53ba52f8db0f10837084448cbc080618c3882f5441491ba60a74831012433a0e4286d8ae66187e33cac3d1b715e58694fddfc84e
 DIST ngx_http_fancyindex-0.4.1.tar.gz 21130 SHA256 2b00d8e0ad2a67152a9cee7b7ee67990c742d501412df912baaf1eee9bb6dc71 SHA512 ce0043ad4a2b638c5d99244d6caaa65ad142cea78884084a9aeca5a9593c68dbe508c9e4dd85dc5722eb63ef386612bffc48d4b6fc1487df244fbcb7a73bffe1 WHIRLPOOL 4a885afbadf64bbd25df6580a099472ae48836d9dddfe1dee6ac6a6f97bfb0cf7120ff10dd69fceca7085fab590bec3a4b4b5be5644f2352375316885ddc3cac
+DIST ngx_http_fancyindex-0.4.2.tar.gz 22047 SHA256 8327150864ca267b735d550d3304030efbbd863fdddfe0a94e970f249a8827ee SHA512 aee121e4d25872f0eee6c8150c8c732767ab24c61dc4f6e3f86bd6edc53ad715f3c23045362954a1ad2086ff1002bca821b2e9a53b58b077cbda91a95077ef76 WHIRLPOOL 81b34afe05fda9068a53d5fa29937c72210847a9eda86f8858d6d2d625958f1c6cea2c3639ce9132687b672384b066f314bfb7096098646131c7380bd99c5470
 DIST ngx_http_headers_more-0.32.tar.gz 28033 SHA256 c6d9dab8ea1fc997031007e2e8f47cced01417e203cd88d53a9fe9f6ae138720 SHA512 e42582b45c3111de3940bbeb67ce161aca2d55adcfb00c61c12256fa0e36221d38723013f36edbcf6d1b520f8dfb49d4657df8a956e66d36e68425afad382bd1 WHIRLPOOL 2b95ea8e2933e83082b9dfd7aaa8f57dd38b0ec12fb452a4aa38a215ca76b6572fe35b79c8afe8cf3097bf89ced0e81c33e07ee6913c99966b87b8e610df3121
 DIST ngx_http_lua-0.10.10.tar.gz 611973 SHA256 b4acb84e2d631035a516d61830c910ef6e6485aba86096221ec745e0dbb3fbc9 SHA512 3440e3fe714407f0ff61e0da207669655b443f7b70ef8a91693ea05ed96d8fde349d9c8ea30d5ff53ea3f8e4a5c7d0a2834e136c340b1b1365d62006339a1e4d WHIRLPOOL 23b5509618a7b3db215ed62b37773f7fa4e1ec14efceef631344c608c079929cded79c6888fa4a45fc31b25463ebb43030cf86868e3df99bb8b3d49116a448d5
 DIST ngx_http_lua-0.10.8.tar.gz 606643 SHA256 d67449c71051b3cc2d6dd60df0ae0d21fca08aa19c9b30c5b95ee21ff38ef8dd SHA512 ad621cec178eb37109f16ebc30dbab7b1ea344ac4b523ff1e6ad62364b8cf437488a89c593ca44b446b729a1c578e3a97685851847b4b16a147ac9eca8f23a2a WHIRLPOOL 07ba9d1c35c5f8cf627a485ee19b4a5bd0969efc70283f4617af542c5152879aba2b6f5e0a8fd1a6d1a69c2438a499f56156de6f3345a0f2f6527686e682baba

diff --git a/www-servers/nginx/nginx-1.13.5.ebuild b/www-servers/nginx/nginx-1.13.5.ebuild
new file mode 100644
index 00000000000..1f7375d4372
--- /dev/null
+++ b/www-servers/nginx/nginx-1.13.5.ebuild
@@ -0,0 +1,1000 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.32"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.2"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.10"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.0"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.18"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo gzip limit_req limit_conn map memcached mirror proxy
+	referer rewrite scgi ssi split_clients upstream_hash
+	upstream_ip_hash upstream_keepalive upstream_least_conn
+	upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_mogilefs
+	http_memc
+	http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_upstream_check; then
+		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Fabian Groffen]

commit:     e7d3e6695ee01983b7b2dcff9ae18b33d8e6c13a
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 13 14:56:22 2017 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Wed Sep 13 14:56:22 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e7d3e669

www-servers/nginx: marked ~ppc64

Package-Manager: Portage-2.3.6, Repoman-2.3.1

 www-servers/nginx/nginx-1.13.5.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www-servers/nginx/nginx-1.13.5.ebuild b/www-servers/nginx/nginx-1.13.5.ebuild
index 1f7375d4372..96e741f7f53 100644
--- a/www-servers/nginx/nginx-1.13.5.ebuild
+++ b/www-servers/nginx/nginx-1.13.5.ebuild
@@ -172,7 +172,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
 	nginx_modules_http_push_stream? ( GPL-3 )"
 
 SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
 
 # Package doesn't provide a real test suite
 RESTRICT="test"

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     b613924f6b07ec6e2d731ff610c0d54f41b14506
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 10 18:56:28 2017 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Oct 10 18:58:39 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b613924f

www-servers/nginx: Bump to v1.13.6 mainline

Ebuild changes:
===============
 - upstream check module bumped to commit 31b1b42873fa56620d8a873ac13f5f26b52d0cd6

Package-Manager: Portage-2.3.10, Repoman-2.3.3

 www-servers/nginx/Manifest            |    2 +
 www-servers/nginx/nginx-1.13.6.ebuild | 1000 +++++++++++++++++++++++++++++++++
 2 files changed, 1002 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 965537cde43..12711aea96f 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -4,6 +4,7 @@ DIST nginx-1.12.1.tar.gz 981093 SHA256 8793bf426485a30f91021b6b945a9fd8a84d87d17
 DIST nginx-1.13.3.tar.gz 985931 SHA256 5b73f98004c302fb8e4a172abf046d9ce77739a82487e4873b39f9b0dcbb0d72 SHA512 4a8924b1edd0b8476437680ea548a0bc983d360e73f2d5797f60cebc3ef7d6fb64e56b6aaf5a4fc1707d24519dc70d466a7bf1d336c463651928d65c2f7b5380 WHIRLPOOL 9cb1f77a60945d9c1df6e2589116406f31939882131759d3aa95b25edfe86bc5fe712a517a3b0f77a5fca2b3706884984b90e293a4e791faa824bbf0e964518e
 DIST nginx-1.13.4.tar.gz 988415 SHA256 de21f3c49ba65c611329d8759a63d72e5fcf719bc6f2a3270e2541348ef1fbba SHA512 068f59f0dfe68a9a20a141bf5416551bc758fe50a38b2576f0e1c9df2ec674c7348b151f3ce80b614ac20610bc85374be7cef69f95b925f4fde351716c1da740 WHIRLPOOL 333cf2542fef05a0709259e6c8ea363a2eaaade00e1e1f0f50df081af023826d452b7b5fd3e826a63cad1753949f469424723b0a9731a34418c06517e14d6f3a
 DIST nginx-1.13.5.tar.gz 988821 SHA256 0e75b94429b3f745377aeba3aff97da77bf2b03fcb9ff15b3bad9b038db29f2e SHA512 ffd0406a75a35da427522f58c9b710cde86acb1ebf48f4e6b7f6a44e04ccd83950fedc6dceed9e2ab5132e06559f3bf45935d5011fc436e7c2efd46ac1e86459 WHIRLPOOL 94703bff57b0c701709974748f07ba444143707ecfb98beb9ca0d30d66913cde07725f3ae82a44d5585709c35b0ff600eccab37f0b5df904b67cee8e2085207d
+DIST nginx-1.13.6.tar.gz 989760 SHA256 8512fc6f986a20af293b61f33b0e72f64a72ea5b1acbcc790c4c4e2d6f63f8f8 SHA512 9ae218396e94f0e165d4d573a979354045ac579f0dcc702a37bde3ec5764e21161efc90fc1ff66bd402047c41a16ca0ff02423eaeb8d89b397e970df246f419e WHIRLPOOL e219846d7a15de9239d4c26eab4e8ec783bbc715e84eee0f6a8591a1d0dae0eeb828b15ccf622638c14a943758b3bb02e23355e129c16178d9aca72c4733b80f
 DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 SHA256 3c11c32f05da04f1a4647dc4e35dd8d8aeacd5a2e763ba349feba3dba8663132 SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92 WHIRLPOOL ad65e8182b2634db5fa06055ef7d91c7d8aabd0fa986d8402a4845977354d6edb329621b6f9f96c90ce2d158cff20e42ae50fba06a088a84de3e3f414205dbc2
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 SHA256 6f9102321d8c68df6d67e9bde145a8de3f45f99f6cb47c08735a86f003234d31 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529 WHIRLPOOL 38abe56e177e22dad68ac7d6570425ecd763d2e891627a75156a6f39bd7edc54f664c3d2f638e1ea57c743dadc6a8c9889be087abbdb4c98b5641c299f7fbc07
 DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 SHA256 88e05a99a8a7419066f5ae75966fb1efc409bad4522d14986da074554ae61619 SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 WHIRLPOOL 5f6ed4e6850d2ce7e8c65e0570a7e2c74a1fe360e167644ed405fff682ab178b09c722c99c1df9af552fb816219b9fc04dcdf638b3e4af68c688434cdb33aa59
@@ -23,6 +24,7 @@ DIST ngx_http_push_stream-0.5.2.tar.gz 182008 SHA256 1d07f38acdb8194bd49344b0ba2
 DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 SHA256 1e81453942e5b0877de1f1f06c56ae82918ea9818255cb935bcb673c95a758a1 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d WHIRLPOOL a02ed77422c47d9e476f8746186d19d632ddb953635d8d9dd51ff076225a78044286ee7e114478bc02e4b2a422e4fdc207154fc287629dd2cd7c3f9a634dad18
 DIST ngx_http_upload_progress-0.9.2-r1.tar.gz 17268 SHA256 b286689355442657650421d8e8398bd4abf9dbbaade65947bb0cb74a349cc497 SHA512 c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c WHIRLPOOL e847603f1445c7e1471a5570e2774a448be880eb71eeb21e27361586bcee9aae31cb0a8a80cd5abfc8d14e2c356fabfa7293e6a4d5f6782d41521a7bdc124066
 DIST ngx_http_upstream_check-0.3.0-10-gf3bdb7b.tar.gz 129060 SHA256 9e0835e8c1550033e74c7eaeebf94d41ab1617cff152dd076da976e0eba30bfc SHA512 5b2ae6d305d24d0c64dc118fd3b0c23f5bf0e9a282e70e8d2c4eb946ed510263b5e845f64ca352784e34708cf9d98804cacf64b6c9efd712a395076dd0ba7c29 WHIRLPOOL 8dab8aa1bf3f7c9adbf2952148d76cc627682876b5e64dc789582b573a4b6fa73910043325fc664784b68966bcb1e8ba9ae6bfa457133bde0d52e39b7d3c09e0
+DIST ngx_http_upstream_check-31b1b42873fa56620d8a873ac13f5f26b52d0cd6.tar.gz 130052 SHA256 c7241b15ba20779d8d465dfe05e8e53f9e62b069b4165c9e8001eb795b870ff4 SHA512 e7ea6712c27fd2610e8681b7f687e24c94cd7558d6f19f87568d4c2169115678a61c58b1cd3686a927173b566ff1e10cb1fb767fe63db61f860a77bac9792f9b WHIRLPOOL 932a51c8911053e301a7efa3006bf994622b79f3a9f39c317f33f2243c77dde06c7b8387bf0969943512afe049f0e55c8aad5c89d4fd0f4c84939b20927c52ed
 DIST ngx_memc_module-0.18.tar.gz 37113 SHA256 4e280d1dcb8b312bc7875604c1e35b17879279126d3d5fbf482aa9cc7c11276d SHA512 8087bd361fb4e522493e66f93d59c9b13245d6eef0fe4a53f619d1826feb02af60769c0a04f87f2faf5308a44b794ef146a445bdbe7cbc7f21c0edaaba08c706 WHIRLPOOL 9570bf7fb4e925d1794f3af0914efca036fe65696e7e380969133b89878e5f46f71cd5ffb7b5ea94085aced26d289abca77d7ef805f03ff614bc12a47d7aab3f
 DIST ngx_metrics-0.1.1.tar.gz 2964 SHA256 1c62ebb31e3caafad91720962770b0e7a4287f195520cf12471c262ac19b154e SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e WHIRLPOOL 2796f5a97e76dfcc91133240e8e90ba493f0356f781a173d8cacdd09eba64b75ef531db398c0566fda395124700de8c991b771433e376ca0d5898c2ea6f82868
 DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 SHA256 7ac230d30907f013dff8d435a118619ea6168aa3714dba62c6962d350c6295ae SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1 WHIRLPOOL 64c9b11ad938e6dbe5ba31298f1cd46f6e6bb4ba039c96b1e43bd85919d1606326f74b677f789ecabe0b0f4e0f08ac5aaf8148bf820de65aaa1e9966a28b9f61

diff --git a/www-servers/nginx/nginx-1.13.6.ebuild b/www-servers/nginx/nginx-1.13.6.ebuild
new file mode 100644
index 00000000000..f2844ff8505
--- /dev/null
+++ b/www-servers/nginx/nginx-1.13.6.ebuild
@@ -0,0 +1,1000 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.32"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.2"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.10"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="31b1b42873fa56620d8a873ac13f5f26b52d0cd6"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.0"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.18"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo gzip limit_req limit_conn map memcached mirror proxy
+	referer rewrite scgi ssi split_clients upstream_hash
+	upstream_ip_hash upstream_keepalive upstream_least_conn
+	upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_mogilefs
+	http_memc
+	http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_upstream_check; then
+		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     237b8241f23eb73b431c0745e4c6706b71613fd6
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 17 16:17:27 2017 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Oct 17 16:23:16 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=237b8241

www-servers/nginx: Bump to v1.12.2 stable

Package-Manager: Portage-2.3.10, Repoman-2.3.3

 www-servers/nginx/Manifest            |   1 +
 www-servers/nginx/nginx-1.12.2.ebuild | 999 ++++++++++++++++++++++++++++++++++
 2 files changed, 1000 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 12711aea96f..bb8f6618067 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,7 @@
 DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc1801efce0cda797d6029d44080a9b24 SHA512 374733cbfc26e53d95b78c8f268a4e465d838163e9893fc24e33a9d272b114f1b287147bab6d0289575074cbbd94f48983e23fa59832cbcb32950046cea59269 WHIRLPOOL 5f41bebf032f8a269412d104b7632a06af4d4c495658c9cd1ebf69b82c10ce1bbcb34b9dd159a7b00e57348714a5e93ad3db19701dda51479accd3a9dc79a9cb
 DIST modsecurity-2.9.2.tar.gz 4298993 SHA256 41a8f73476ec891f3a9e8736b98b64ea5c2105f1ce15ea57a1f05b4bf2ffaeb5 SHA512 69c87ef6f7b6411f4803eb25af32969a1da59722121257c2edf345a3f5a4ab9ae8a49c886cbbfc722c5bda91c6d6ea55232f968c0a0407d7d7b3af53dc862c21 WHIRLPOOL cbdc090f5fefeb6b6b71362e03dc12c4c574b7726005e8b552f4db7b765fc77f4609af5f216fad6c336d886e112aa392e3f885a140a72d731eed78a1ed51cd88
 DIST nginx-1.12.1.tar.gz 981093 SHA256 8793bf426485a30f91021b6b945a9fd8a84d87d17b566562c3797aba8fac76fb SHA512 3a2ad2a559b366dda92dd58c0fe40ee84dd60a3eaf72071454110e032c3e9a03f2a63b28fe3a615b527950521eeb533c687a2cc4c87524e1d8f3a0a5f043fdb6 WHIRLPOOL 17e91044636839f0c8c476879227f2de1633679199787157e5ed47c306dcb9597646c5be96957d51e38d96ddbb0346ec9f72b87c37023e19e572fa404ef0fd1f
+DIST nginx-1.12.2.tar.gz 981687 SHA256 305f379da1d5fb5aefa79e45c829852ca6983c7cd2a79328f8e084a324cf0416 SHA512 3faa2043e237a7e1d15cc5661ac9d002a965220a78c25a863be9f19e01007347e53f776b61c229f6bd3d916cc1ccf92de260811f7b8092ec1b747fba7c0061f7 WHIRLPOOL 118bbb2f432603fe13cb673a85f7c998bc349df801eee5d043a6e2f7ecb197e1cb86b71c56babf7b41fc6c9ea3953665c14a1ce62a31080fb992637fecb20ee9
 DIST nginx-1.13.3.tar.gz 985931 SHA256 5b73f98004c302fb8e4a172abf046d9ce77739a82487e4873b39f9b0dcbb0d72 SHA512 4a8924b1edd0b8476437680ea548a0bc983d360e73f2d5797f60cebc3ef7d6fb64e56b6aaf5a4fc1707d24519dc70d466a7bf1d336c463651928d65c2f7b5380 WHIRLPOOL 9cb1f77a60945d9c1df6e2589116406f31939882131759d3aa95b25edfe86bc5fe712a517a3b0f77a5fca2b3706884984b90e293a4e791faa824bbf0e964518e
 DIST nginx-1.13.4.tar.gz 988415 SHA256 de21f3c49ba65c611329d8759a63d72e5fcf719bc6f2a3270e2541348ef1fbba SHA512 068f59f0dfe68a9a20a141bf5416551bc758fe50a38b2576f0e1c9df2ec674c7348b151f3ce80b614ac20610bc85374be7cef69f95b925f4fde351716c1da740 WHIRLPOOL 333cf2542fef05a0709259e6c8ea363a2eaaade00e1e1f0f50df081af023826d452b7b5fd3e826a63cad1753949f469424723b0a9731a34418c06517e14d6f3a
 DIST nginx-1.13.5.tar.gz 988821 SHA256 0e75b94429b3f745377aeba3aff97da77bf2b03fcb9ff15b3bad9b038db29f2e SHA512 ffd0406a75a35da427522f58c9b710cde86acb1ebf48f4e6b7f6a44e04ccd83950fedc6dceed9e2ab5132e06559f3bf45935d5011fc436e7c2efd46ac1e86459 WHIRLPOOL 94703bff57b0c701709974748f07ba444143707ecfb98beb9ca0d30d66913cde07725f3ae82a44d5585709c35b0ff600eccab37f0b5df904b67cee8e2085207d

diff --git a/www-servers/nginx/nginx-1.12.2.ebuild b/www-servers/nginx/nginx-1.12.2.ebuild
new file mode 100644
index 00000000000..cc482646f7c
--- /dev/null
+++ b/www-servers/nginx/nginx-1.12.2.ebuild
@@ -0,0 +1,999 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.32"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.2"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.10"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="31b1b42873fa56620d8a873ac13f5f26b52d0cd6"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.0"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.18"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
+	upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_mogilefs
+	http_memc
+	http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_upstream_check; then
+		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Jonas Stein]

commit:     c3bcfd7faf0443efb77b7da1e4ed17a56851f6e1
Author:     Jonas Stein <jstein <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 30 00:01:15 2017 +0000
Commit:     Jonas Stein <jstein <AT> gentoo <DOT> org>
CommitDate: Mon Oct 30 00:01:35 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c3bcfd7f

www-servers/nginx: Removed proxied maintainer

Proxied maintainer retired.
Closes: https://bugs.gentoo.org/633054
Package-Manager: Portage-2.3.13, Repoman-2.3.4

 www-servers/nginx/metadata.xml | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/www-servers/nginx/metadata.xml b/www-servers/nginx/metadata.xml
index 2721de505ad..8315c7922c7 100644
--- a/www-servers/nginx/metadata.xml
+++ b/www-servers/nginx/metadata.xml
@@ -9,11 +9,6 @@
     <email>dev-zero@gentoo.org</email>
     <name>Tiziano Müller</name>
   </maintainer>
-  <maintainer type="person">
-    <email>bugs@bergstroem.nu</email>
-    <name>Johan Bergström</name>
-    <description>Co-maintainer, CC on bugs.</description>
-  </maintainer>
   <use>
     <flag name="aio">Enables file AIO support</flag>
     <flag name="http">Enable HTTP core support</flag>

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     b1a39c149ffac5d3168aa0f4e9723e4a6bc8ca95
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 21 16:04:37 2017 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Nov 21 16:04:51 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b1a39c14

www-servers/nginx: Bump to v1.13.7 mainline

Ebuild changes:
===============
 - headers_more module bumped to v0.33

 - lua module bumped to 0.10.11

 - push module bumped to 0.5.4

Package-Manager: Portage-2.3.13, Repoman-2.3.4

 www-servers/nginx/Manifest            |    4 +
 www-servers/nginx/nginx-1.13.7.ebuild | 1006 +++++++++++++++++++++++++++++++++
 2 files changed, 1010 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index bb8f6618067..0b2958d40da 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -6,6 +6,7 @@ DIST nginx-1.13.3.tar.gz 985931 SHA256 5b73f98004c302fb8e4a172abf046d9ce77739a82
 DIST nginx-1.13.4.tar.gz 988415 SHA256 de21f3c49ba65c611329d8759a63d72e5fcf719bc6f2a3270e2541348ef1fbba SHA512 068f59f0dfe68a9a20a141bf5416551bc758fe50a38b2576f0e1c9df2ec674c7348b151f3ce80b614ac20610bc85374be7cef69f95b925f4fde351716c1da740 WHIRLPOOL 333cf2542fef05a0709259e6c8ea363a2eaaade00e1e1f0f50df081af023826d452b7b5fd3e826a63cad1753949f469424723b0a9731a34418c06517e14d6f3a
 DIST nginx-1.13.5.tar.gz 988821 SHA256 0e75b94429b3f745377aeba3aff97da77bf2b03fcb9ff15b3bad9b038db29f2e SHA512 ffd0406a75a35da427522f58c9b710cde86acb1ebf48f4e6b7f6a44e04ccd83950fedc6dceed9e2ab5132e06559f3bf45935d5011fc436e7c2efd46ac1e86459 WHIRLPOOL 94703bff57b0c701709974748f07ba444143707ecfb98beb9ca0d30d66913cde07725f3ae82a44d5585709c35b0ff600eccab37f0b5df904b67cee8e2085207d
 DIST nginx-1.13.6.tar.gz 989760 SHA256 8512fc6f986a20af293b61f33b0e72f64a72ea5b1acbcc790c4c4e2d6f63f8f8 SHA512 9ae218396e94f0e165d4d573a979354045ac579f0dcc702a37bde3ec5764e21161efc90fc1ff66bd402047c41a16ca0ff02423eaeb8d89b397e970df246f419e WHIRLPOOL e219846d7a15de9239d4c26eab4e8ec783bbc715e84eee0f6a8591a1d0dae0eeb828b15ccf622638c14a943758b3bb02e23355e129c16178d9aca72c4733b80f
+DIST nginx-1.13.7.tar.gz 990836 SHA256 beb732bc7da80948c43fd0bf94940a21a21b1c1ddfba0bd99a4b88e026220f5c SHA512 77ee919315e0b16ec042ec80b5a9ed01ef057d30fded4c1991fc1b7648d41433b94897fbe6f0900299d3596ede7b25e842e47c44865b1c3d91d2dc6363d23fc0 WHIRLPOOL f56195c1bf4143acfceba4d7c03a2cf7a12d26f829dbf8465c59618601dacc10746e85c45dbbbb6d3b978706766b6987a478fd665776c454411a7ff4b164e869
 DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 SHA256 3c11c32f05da04f1a4647dc4e35dd8d8aeacd5a2e763ba349feba3dba8663132 SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92 WHIRLPOOL ad65e8182b2634db5fa06055ef7d91c7d8aabd0fa986d8402a4845977354d6edb329621b6f9f96c90ce2d158cff20e42ae50fba06a088a84de3e3f414205dbc2
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 SHA256 6f9102321d8c68df6d67e9bde145a8de3f45f99f6cb47c08735a86f003234d31 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529 WHIRLPOOL 38abe56e177e22dad68ac7d6570425ecd763d2e891627a75156a6f39bd7edc54f664c3d2f638e1ea57c743dadc6a8c9889be087abbdb4c98b5641c299f7fbc07
 DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 SHA256 88e05a99a8a7419066f5ae75966fb1efc409bad4522d14986da074554ae61619 SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 WHIRLPOOL 5f6ed4e6850d2ce7e8c65e0570a7e2c74a1fe360e167644ed405fff682ab178b09c722c99c1df9af552fb816219b9fc04dcdf638b3e4af68c688434cdb33aa59
@@ -18,10 +19,13 @@ DIST ngx_http_echo-0.61.tar.gz 53155 SHA256 2e6a03032555f5da1bdff2ae96c96486f447
 DIST ngx_http_fancyindex-0.4.1.tar.gz 21130 SHA256 2b00d8e0ad2a67152a9cee7b7ee67990c742d501412df912baaf1eee9bb6dc71 SHA512 ce0043ad4a2b638c5d99244d6caaa65ad142cea78884084a9aeca5a9593c68dbe508c9e4dd85dc5722eb63ef386612bffc48d4b6fc1487df244fbcb7a73bffe1 WHIRLPOOL 4a885afbadf64bbd25df6580a099472ae48836d9dddfe1dee6ac6a6f97bfb0cf7120ff10dd69fceca7085fab590bec3a4b4b5be5644f2352375316885ddc3cac
 DIST ngx_http_fancyindex-0.4.2.tar.gz 22047 SHA256 8327150864ca267b735d550d3304030efbbd863fdddfe0a94e970f249a8827ee SHA512 aee121e4d25872f0eee6c8150c8c732767ab24c61dc4f6e3f86bd6edc53ad715f3c23045362954a1ad2086ff1002bca821b2e9a53b58b077cbda91a95077ef76 WHIRLPOOL 81b34afe05fda9068a53d5fa29937c72210847a9eda86f8858d6d2d625958f1c6cea2c3639ce9132687b672384b066f314bfb7096098646131c7380bd99c5470
 DIST ngx_http_headers_more-0.32.tar.gz 28033 SHA256 c6d9dab8ea1fc997031007e2e8f47cced01417e203cd88d53a9fe9f6ae138720 SHA512 e42582b45c3111de3940bbeb67ce161aca2d55adcfb00c61c12256fa0e36221d38723013f36edbcf6d1b520f8dfb49d4657df8a956e66d36e68425afad382bd1 WHIRLPOOL 2b95ea8e2933e83082b9dfd7aaa8f57dd38b0ec12fb452a4aa38a215ca76b6572fe35b79c8afe8cf3097bf89ced0e81c33e07ee6913c99966b87b8e610df3121
+DIST ngx_http_headers_more-0.33.tar.gz 28130 SHA256 a3dcbab117a9c103bc1ea5200fc00a7b7d2af97ff7fd525f16f8ac2632e30fbf SHA512 13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37 WHIRLPOOL 3684b3ff76c6d4ff12d721db31376b6a2b8a91833210d7a0705c7e8615bb079d509d0d25d56a1a2ade33d90cf72006da4affcaeb89f7f6d57818b5436a0ab44c
 DIST ngx_http_lua-0.10.10.tar.gz 611973 SHA256 b4acb84e2d631035a516d61830c910ef6e6485aba86096221ec745e0dbb3fbc9 SHA512 3440e3fe714407f0ff61e0da207669655b443f7b70ef8a91693ea05ed96d8fde349d9c8ea30d5ff53ea3f8e4a5c7d0a2834e136c340b1b1365d62006339a1e4d WHIRLPOOL 23b5509618a7b3db215ed62b37773f7fa4e1ec14efceef631344c608c079929cded79c6888fa4a45fc31b25463ebb43030cf86868e3df99bb8b3d49116a448d5
+DIST ngx_http_lua-0.10.11.tar.gz 616653 SHA256 c0fb91fcfd1c6e7dec34ca64826ef81ffebafdef6174d254467636f380566626 SHA512 35e1510c9da71c8bdf028f4ac253404550a83bd904f6c5639697d78c76708625bb6deaa858a7d086b5582f71bb46578e8f804887a46ccfbaf5f4de8510cb1511 WHIRLPOOL 1ad973245c301d585e6d427d08ad32df7c0be2d5af6bd4c422521fb7e29fc5c99565c6fe7cf3784a118ce69b042689381e1ab18d20524edd55331c112fe0a4be
 DIST ngx_http_lua-0.10.8.tar.gz 606643 SHA256 d67449c71051b3cc2d6dd60df0ae0d21fca08aa19c9b30c5b95ee21ff38ef8dd SHA512 ad621cec178eb37109f16ebc30dbab7b1ea344ac4b523ff1e6ad62364b8cf437488a89c593ca44b446b729a1c578e3a97685851847b4b16a147ac9eca8f23a2a WHIRLPOOL 07ba9d1c35c5f8cf627a485ee19b4a5bd0969efc70283f4617af542c5152879aba2b6f5e0a8fd1a6d1a69c2438a499f56156de6f3345a0f2f6527686e682baba
 DIST ngx_http_naxsi-0.55.3.tar.gz 187416 SHA256 0b3c95d250772dc89ad8b49e47c1e024c5ae2c76c0cffa445e9fe05c4dd13495 SHA512 9e8f41a5cd1342cc9b8aa334a603842d14a256aab1f4a21205bb1278aecbb0c49e39c889d8113a5b41aad2efeaa2ed9f11cba6929173f50add91f54c4c59c8a0 WHIRLPOOL 0a1bbe06730730944a882d86ffa378c4a3c759366208913603ffd18fcd7b18e65b6b1a89e9a07dc82e360dfe7ef4a6430391f6e52de35023d33ca19e80a3b693
 DIST ngx_http_push_stream-0.5.2.tar.gz 182008 SHA256 1d07f38acdb8194bd49344b0ba21de101070de9b8731d27a8d22e928850bc199 SHA512 ee8bf9ece652da6aa5a39879298bba70d1842696545259f3f5e302cc61397b35f016364805805f9ab1914fc39ed2f07c015e042155789073e3d1fdc02a0783de WHIRLPOOL d309cecbb1bb5b6c4f64712d44889e3ecca59140d845a31a3f605dc3cc2aa01622b0deadb8f6852baea3c211bebbe6ed7d7868399447ac1249c1b1b740fa3c27
+DIST ngx_http_push_stream-0.5.4.tar.gz 183493 SHA256 5253bb8a804ea679e514137a234637298f044c3ef63c053670bf3802ff3535b1 SHA512 467ae49409adb675979ff591f98df8c96d71ab5ebc2ef9b3c9430e38e7e84d311b4a98c2b1cb1886d895735223dd2a43370aab61b57b34adb1427c184e6b8c86 WHIRLPOOL 14e2dee5d08d495d9a3c96298508ff83cbd75c01f2c9800b57e1827540a3dfa70bd3e67cad41847906f58bc30004af90a08a58c93fbee3903e856e3736f809b9
 DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 SHA256 1e81453942e5b0877de1f1f06c56ae82918ea9818255cb935bcb673c95a758a1 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d WHIRLPOOL a02ed77422c47d9e476f8746186d19d632ddb953635d8d9dd51ff076225a78044286ee7e114478bc02e4b2a422e4fdc207154fc287629dd2cd7c3f9a634dad18
 DIST ngx_http_upload_progress-0.9.2-r1.tar.gz 17268 SHA256 b286689355442657650421d8e8398bd4abf9dbbaade65947bb0cb74a349cc497 SHA512 c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c WHIRLPOOL e847603f1445c7e1471a5570e2774a448be880eb71eeb21e27361586bcee9aae31cb0a8a80cd5abfc8d14e2c356fabfa7293e6a4d5f6782d41521a7bdc124066
 DIST ngx_http_upstream_check-0.3.0-10-gf3bdb7b.tar.gz 129060 SHA256 9e0835e8c1550033e74c7eaeebf94d41ab1617cff152dd076da976e0eba30bfc SHA512 5b2ae6d305d24d0c64dc118fd3b0c23f5bf0e9a282e70e8d2c4eb946ed510263b5e845f64ca352784e34708cf9d98804cacf64b6c9efd712a395076dd0ba7c29 WHIRLPOOL 8dab8aa1bf3f7c9adbf2952148d76cc627682876b5e64dc789582b573a4b6fa73910043325fc664784b68966bcb1e8ba9ae6bfa457133bde0d52e39b7d3c09e0

diff --git a/www-servers/nginx/nginx-1.13.7.ebuild b/www-servers/nginx/nginx-1.13.7.ebuild
new file mode 100644
index 00000000000..b0d71137e94
--- /dev/null
+++ b/www-servers/nginx/nginx-1.13.7.ebuild
@@ -0,0 +1,1006 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.2"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.11"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="31b1b42873fa56620d8a873ac13f5f26b52d0cd6"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.0"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.18"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo gzip limit_req limit_conn map memcached mirror proxy
+	referer rewrite scgi ssi split_clients upstream_hash
+	upstream_ip_hash upstream_keepalive upstream_least_conn
+	upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_mogilefs
+	http_memc
+	http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_upstream_check; then
+		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     d609bbeb50dee991641cfbf1d7e99e8285847bcb
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 26 16:34:28 2017 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Dec 26 16:34:45 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d609bbeb

www-servers/nginx: Bump to v1.13.8 mainline

Ebuild changes:
===============
- rtmp module bumped to v1.2.1

Package-Manager: Portage-2.3.19, Repoman-2.3.6

 www-servers/nginx/Manifest            |    2 +
 www-servers/nginx/nginx-1.13.8.ebuild | 1006 +++++++++++++++++++++++++++++++++
 2 files changed, 1008 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index fed031b523a..a19dd8765e4 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -7,6 +7,7 @@ DIST nginx-1.13.4.tar.gz 988415 BLAKE2B 7afcd99b8382307a97550de9401c89b3cc7e79c1
 DIST nginx-1.13.5.tar.gz 988821 BLAKE2B 1711966abe6d52fdda0b27488edc3f9c555bad498f661524e908af5c34a681dc878cd55449e76a003ae2adb43f61c8b1ee4329b72940bc7fbab6decc6f18ae4a SHA512 ffd0406a75a35da427522f58c9b710cde86acb1ebf48f4e6b7f6a44e04ccd83950fedc6dceed9e2ab5132e06559f3bf45935d5011fc436e7c2efd46ac1e86459
 DIST nginx-1.13.6.tar.gz 989760 BLAKE2B d833f0b432a33f8cf36108f42e423b95efd410f745a6bc17d6749952f5024641548ebd41e6c31cdda246428c38ae07df70bb4d9c0a6794cad3e3256d07ff3f03 SHA512 9ae218396e94f0e165d4d573a979354045ac579f0dcc702a37bde3ec5764e21161efc90fc1ff66bd402047c41a16ca0ff02423eaeb8d89b397e970df246f419e
 DIST nginx-1.13.7.tar.gz 990836 BLAKE2B 158c70018426e78a8e5157bde1c164de78bb9968c37f4c3fe24e30ef3df7690abdd6932522c6c179db8c5ff4da0f3fcee925e3b2680bfa33dc2b2abc8f007708 SHA512 77ee919315e0b16ec042ec80b5a9ed01ef057d30fded4c1991fc1b7648d41433b94897fbe6f0900299d3596ede7b25e842e47c44865b1c3d91d2dc6363d23fc0
+DIST nginx-1.13.8.tar.gz 992237 BLAKE2B 268eebb98a1ae1acbc9fb3ae4e445b26cfff68d8833285527b86f73d5a076f43fb6840b2aad6ff0e8458b47abbe8a9883c43c8a6b40c65d040b3bff88c6910eb SHA512 f2a4d41941ec223afcb57a6deb6523e0d4f54f96c7362835d366fa04a4b4578f6c4f27aa7774c1ecd40a42087df83e5c03d024e72caba83c558ec7e580c756a1
 DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 BLAKE2B f2209c8b5eb5616a362f2b532245167a5940faad6d66d98a94b3bf2d1e33a73492d42c60a9ddad347a592362a002ff38273a5d1f61f663984a09e14a3fe35e0f SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
 DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 BLAKE2B e4e987a85b2283ba540b4b894382e65dac7fbca23e233b1031b38828908088370cdb1a9bded4d4ee1ceb1c2e1d506dc2b6f4ba5f6ee94248e863def5a1c8dd1a SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614
@@ -34,3 +35,4 @@ DIST ngx_memc_module-0.18.tar.gz 37113 BLAKE2B e5b89c7c7a3e6f8ee7c1b2623fbec7885
 DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
 DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
 DIST ngx_rtmp-1.2.0.tar.gz 519895 BLAKE2B a5a888473dd2ba2320ff74017e8445d96fa3e361acc559edb270ad075c937ab5630e537a67ad8ed134a7ec5809ae63e38791ac25ceab3e26160469be8cc2e82c SHA512 8965d9bee91a46375516ccd012d1c43cd23f15c0630d11ed01472b9a84504574b476f22c5584f43c972a8f923e9ae025b9b60c64aace0ed159c7279bcbd376c8
+DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922

diff --git a/www-servers/nginx/nginx-1.13.8.ebuild b/www-servers/nginx/nginx-1.13.8.ebuild
new file mode 100644
index 00000000000..0cad8199f3f
--- /dev/null
+++ b/www-servers/nginx/nginx-1.13.8.ebuild
@@ -0,0 +1,1006 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.2"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.11"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="31b1b42873fa56620d8a873ac13f5f26b52d0cd6"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.18"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo gzip limit_req limit_conn map memcached mirror proxy
+	referer rewrite scgi ssi split_clients upstream_hash
+	upstream_ip_hash upstream_keepalive upstream_least_conn
+	upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_mogilefs
+	http_memc
+	http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_upstream_check; then
+		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     8b9dfbfd6e02d1eeb6fa153390e5ed8b7c89140b
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 26 16:39:20 2017 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Dec 26 16:41:41 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8b9dfbfd

www-servers/nginx: Cleanup old.

Package-Manager: Portage-2.3.19, Repoman-2.3.6

 www-servers/nginx/Manifest               |    4 -
 www-servers/nginx/nginx-1.12.2.ebuild    |  999 -----------------------------
 www-servers/nginx/nginx-1.13.3.ebuild    | 1015 ------------------------------
 www-servers/nginx/nginx-1.13.4.ebuild    | 1000 -----------------------------
 www-servers/nginx/nginx-1.13.5.ebuild    | 1000 -----------------------------
 www-servers/nginx/nginx-1.13.6-r1.ebuild | 1006 -----------------------------
 www-servers/nginx/nginx-1.13.6.ebuild    | 1000 -----------------------------
 7 files changed, 6024 deletions(-)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index a19dd8765e4..e9c5e42c611 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,10 +2,6 @@ DIST modsecurity-2.9.1.tar.gz 4261212 BLAKE2B c47c7934d8da870e629c5733cc8c37452e
 DIST modsecurity-2.9.2.tar.gz 4298993 BLAKE2B 32a92148f0e1a1166cf888b8172fc55340c5712c9b770583703c74db450e77226629640c9db03f32e9f28397e6488669d06a89e4d31cb5ab5fff26b30ad843e0 SHA512 69c87ef6f7b6411f4803eb25af32969a1da59722121257c2edf345a3f5a4ab9ae8a49c886cbbfc722c5bda91c6d6ea55232f968c0a0407d7d7b3af53dc862c21
 DIST nginx-1.12.1.tar.gz 981093 BLAKE2B fa81164511591736b5da1937f2e867712845ff6bfa51cb9c2e2cd367f5d936f7ff6fd3a86cc1d2a49e0b97f6200dbc7808f783941182e08a1037112d858c91cd SHA512 3a2ad2a559b366dda92dd58c0fe40ee84dd60a3eaf72071454110e032c3e9a03f2a63b28fe3a615b527950521eeb533c687a2cc4c87524e1d8f3a0a5f043fdb6
 DIST nginx-1.12.2.tar.gz 981687 BLAKE2B cca2d2b2267fee6feac7e91a5aaec229251e829203b02c207a6a89644fd6b1f2003d75225fadde9fdfc8dda444dc53c7ff0033a1e15a0f25019c878fc716d83f SHA512 3faa2043e237a7e1d15cc5661ac9d002a965220a78c25a863be9f19e01007347e53f776b61c229f6bd3d916cc1ccf92de260811f7b8092ec1b747fba7c0061f7
-DIST nginx-1.13.3.tar.gz 985931 BLAKE2B 3b95a66ffb9e44669a9833f787135d779420a4a3d4f931b43c0e32e8ffea6266e14e2fc3a0c5e682b5f9401375da97dfe295e4244528954a62b2171af762424b SHA512 4a8924b1edd0b8476437680ea548a0bc983d360e73f2d5797f60cebc3ef7d6fb64e56b6aaf5a4fc1707d24519dc70d466a7bf1d336c463651928d65c2f7b5380
-DIST nginx-1.13.4.tar.gz 988415 BLAKE2B 7afcd99b8382307a97550de9401c89b3cc7e79c1602044fae447db3cec5daa00e6787d3e3bf40ba3fb3191a9b8d0ea576b5116a34933eef818d414e65c364637 SHA512 068f59f0dfe68a9a20a141bf5416551bc758fe50a38b2576f0e1c9df2ec674c7348b151f3ce80b614ac20610bc85374be7cef69f95b925f4fde351716c1da740
-DIST nginx-1.13.5.tar.gz 988821 BLAKE2B 1711966abe6d52fdda0b27488edc3f9c555bad498f661524e908af5c34a681dc878cd55449e76a003ae2adb43f61c8b1ee4329b72940bc7fbab6decc6f18ae4a SHA512 ffd0406a75a35da427522f58c9b710cde86acb1ebf48f4e6b7f6a44e04ccd83950fedc6dceed9e2ab5132e06559f3bf45935d5011fc436e7c2efd46ac1e86459
-DIST nginx-1.13.6.tar.gz 989760 BLAKE2B d833f0b432a33f8cf36108f42e423b95efd410f745a6bc17d6749952f5024641548ebd41e6c31cdda246428c38ae07df70bb4d9c0a6794cad3e3256d07ff3f03 SHA512 9ae218396e94f0e165d4d573a979354045ac579f0dcc702a37bde3ec5764e21161efc90fc1ff66bd402047c41a16ca0ff02423eaeb8d89b397e970df246f419e
 DIST nginx-1.13.7.tar.gz 990836 BLAKE2B 158c70018426e78a8e5157bde1c164de78bb9968c37f4c3fe24e30ef3df7690abdd6932522c6c179db8c5ff4da0f3fcee925e3b2680bfa33dc2b2abc8f007708 SHA512 77ee919315e0b16ec042ec80b5a9ed01ef057d30fded4c1991fc1b7648d41433b94897fbe6f0900299d3596ede7b25e842e47c44865b1c3d91d2dc6363d23fc0
 DIST nginx-1.13.8.tar.gz 992237 BLAKE2B 268eebb98a1ae1acbc9fb3ae4e445b26cfff68d8833285527b86f73d5a076f43fb6840b2aad6ff0e8458b47abbe8a9883c43c8a6b40c65d040b3bff88c6910eb SHA512 f2a4d41941ec223afcb57a6deb6523e0d4f54f96c7362835d366fa04a4b4578f6c4f27aa7774c1ecd40a42087df83e5c03d024e72caba83c558ec7e580c756a1
 DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 BLAKE2B f2209c8b5eb5616a362f2b532245167a5940faad6d66d98a94b3bf2d1e33a73492d42c60a9ddad347a592362a002ff38273a5d1f61f663984a09e14a3fe35e0f SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92

diff --git a/www-servers/nginx/nginx-1.12.2.ebuild b/www-servers/nginx/nginx-1.12.2.ebuild
deleted file mode 100644
index cc482646f7c..00000000000
--- a/www-servers/nginx/nginx-1.12.2.ebuild
+++ /dev/null
@@ -1,999 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.32"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.2"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.10"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="31b1b42873fa56620d8a873ac13f5f26b52d0cd6"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.3"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.0"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.18"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
-	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
-	upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:mainline"
-DEPEND="${CDEPEND}
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_upstream_check; then
-		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.13.3.ebuild b/www-servers/nginx/nginx-1.13.3.ebuild
deleted file mode 100644
index 95f97cf6a40..00000000000
--- a/www-servers/nginx/nginx-1.13.3.ebuild
+++ /dev/null
@@ -1,1015 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.32"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.1"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.8"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.3"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.0"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.60"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.18"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
-	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
-	upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_echo; then
-		cd "${HTTP_ECHO_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_echo-nginx-1.11.11+.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		cd "${HTTP_LUA_MODULE_WD}" || die
-		eapply -p1 "${FILESDIR}"/http_lua_nginx-1.11.11+-r1.patch
-		cd "${S}" || die
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eapply "${FILESDIR}"/http_security-pr_1158.patch
-		eapply "${FILESDIR}"/http_security-pr_1373.patch
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.13.4.ebuild b/www-servers/nginx/nginx-1.13.4.ebuild
deleted file mode 100644
index fd6ca7601cf..00000000000
--- a/www-servers/nginx/nginx-1.13.4.ebuild
+++ /dev/null
@@ -1,1000 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.32"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.1"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.10"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.3"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.0"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.18"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached mirror proxy
-	referer rewrite scgi ssi split_clients upstream_hash
-	upstream_ip_hash upstream_keepalive upstream_least_conn
-	upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_upstream_check; then
-		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.13.5.ebuild b/www-servers/nginx/nginx-1.13.5.ebuild
deleted file mode 100644
index 96e741f7f53..00000000000
--- a/www-servers/nginx/nginx-1.13.5.ebuild
+++ /dev/null
@@ -1,1000 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.32"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.2"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.10"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.3"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.0"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.18"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached mirror proxy
-	referer rewrite scgi ssi split_clients upstream_hash
-	upstream_ip_hash upstream_keepalive upstream_least_conn
-	upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_upstream_check; then
-		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.13.6-r1.ebuild b/www-servers/nginx/nginx-1.13.6-r1.ebuild
deleted file mode 100644
index 98e2bf7e78a..00000000000
--- a/www-servers/nginx/nginx-1.13.6-r1.ebuild
+++ /dev/null
@@ -1,1006 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.32"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.2"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.10"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="31b1b42873fa56620d8a873ac13f5f26b52d0cd6"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.3"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.0"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.18"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached mirror proxy
-	referer rewrite scgi ssi split_clients upstream_hash
-	upstream_ip_hash upstream_keepalive upstream_least_conn
-	upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_upstream_check; then
-		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.13.6.ebuild b/www-servers/nginx/nginx-1.13.6.ebuild
deleted file mode 100644
index f2844ff8505..00000000000
--- a/www-servers/nginx/nginx-1.13.6.ebuild
+++ /dev/null
@@ -1,1000 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.32"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.2"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.10"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="31b1b42873fa56620d8a873ac13f5f26b52d0cd6"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.3"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.0"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.18"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached mirror proxy
-	referer rewrite scgi ssi split_clients upstream_hash
-	upstream_ip_hash upstream_keepalive upstream_least_conn
-	upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_upstream_check; then
-		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     c16cffd2f3a720a6de660ec7ad8954b839b4003f
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 26 16:41:28 2017 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Dec 26 16:41:42 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c16cffd2

www-servers/nginx: x86 stable (bug #642328)

Package-Manager: Portage-2.3.19, Repoman-2.3.6

 www-servers/nginx/nginx-1.12.2-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www-servers/nginx/nginx-1.12.2-r1.ebuild b/www-servers/nginx/nginx-1.12.2-r1.ebuild
index fdf52f005cc..cacb3fe4c7f 100644
--- a/www-servers/nginx/nginx-1.12.2-r1.ebuild
+++ b/www-servers/nginx/nginx-1.12.2-r1.ebuild
@@ -172,7 +172,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
 	nginx_modules_http_push_stream? ( GPL-3 )"
 
 SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc x86 ~x86-fbsd ~amd64-linux ~x86-linux"
 
 # Package doesn't provide a real test suite
 RESTRICT="test"

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Mikle Kolyada]

commit:     d23d74051935672e5f035a5c2b3fffc13ebd812a
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Mon Jan  1 23:59:52 2018 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Mon Jan  1 23:59:52 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d23d7405

www-servers/nginx: amd64 stable wrt bug #642328

Package-Manager: Portage-2.3.13, Repoman-2.3.3

 www-servers/nginx/nginx-1.12.2-r1.ebuild | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/www-servers/nginx/nginx-1.12.2-r1.ebuild b/www-servers/nginx/nginx-1.12.2-r1.ebuild
index cacb3fe4c7f..40d650b17fe 100644
--- a/www-servers/nginx/nginx-1.12.2-r1.ebuild
+++ b/www-servers/nginx/nginx-1.12.2-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="6"
@@ -172,7 +172,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
 	nginx_modules_http_push_stream? ( GPL-3 )"
 
 SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc x86 ~x86-fbsd ~amd64-linux ~x86-linux"
 
 # Package doesn't provide a real test suite
 RESTRICT="test"

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     d01cf3565b9d317b5d26cb7bb5979d98f159cf80
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Feb  1 20:46:48 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Feb  1 20:48:55 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d01cf356

www-servers/nginx: Cleanup old

Package-Manager: Portage-2.3.21, Repoman-2.3.6

 www-servers/nginx/Manifest            |    8 -
 www-servers/nginx/nginx-1.12.1.ebuild | 1015 ---------------------------------
 www-servers/nginx/nginx-1.13.7.ebuild | 1006 --------------------------------
 3 files changed, 2029 deletions(-)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index e9c5e42c611..a4bbc9bda74 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,31 +1,23 @@
-DIST modsecurity-2.9.1.tar.gz 4261212 BLAKE2B c47c7934d8da870e629c5733cc8c37452e4d90351269a14b99483188e8e3161891bd63bfd70e0723648c8daf51f1c33d900bd90ab0157332f826eab772f09f62 SHA512 374733cbfc26e53d95b78c8f268a4e465d838163e9893fc24e33a9d272b114f1b287147bab6d0289575074cbbd94f48983e23fa59832cbcb32950046cea59269
 DIST modsecurity-2.9.2.tar.gz 4298993 BLAKE2B 32a92148f0e1a1166cf888b8172fc55340c5712c9b770583703c74db450e77226629640c9db03f32e9f28397e6488669d06a89e4d31cb5ab5fff26b30ad843e0 SHA512 69c87ef6f7b6411f4803eb25af32969a1da59722121257c2edf345a3f5a4ab9ae8a49c886cbbfc722c5bda91c6d6ea55232f968c0a0407d7d7b3af53dc862c21
-DIST nginx-1.12.1.tar.gz 981093 BLAKE2B fa81164511591736b5da1937f2e867712845ff6bfa51cb9c2e2cd367f5d936f7ff6fd3a86cc1d2a49e0b97f6200dbc7808f783941182e08a1037112d858c91cd SHA512 3a2ad2a559b366dda92dd58c0fe40ee84dd60a3eaf72071454110e032c3e9a03f2a63b28fe3a615b527950521eeb533c687a2cc4c87524e1d8f3a0a5f043fdb6
 DIST nginx-1.12.2.tar.gz 981687 BLAKE2B cca2d2b2267fee6feac7e91a5aaec229251e829203b02c207a6a89644fd6b1f2003d75225fadde9fdfc8dda444dc53c7ff0033a1e15a0f25019c878fc716d83f SHA512 3faa2043e237a7e1d15cc5661ac9d002a965220a78c25a863be9f19e01007347e53f776b61c229f6bd3d916cc1ccf92de260811f7b8092ec1b747fba7c0061f7
-DIST nginx-1.13.7.tar.gz 990836 BLAKE2B 158c70018426e78a8e5157bde1c164de78bb9968c37f4c3fe24e30ef3df7690abdd6932522c6c179db8c5ff4da0f3fcee925e3b2680bfa33dc2b2abc8f007708 SHA512 77ee919315e0b16ec042ec80b5a9ed01ef057d30fded4c1991fc1b7648d41433b94897fbe6f0900299d3596ede7b25e842e47c44865b1c3d91d2dc6363d23fc0
 DIST nginx-1.13.8.tar.gz 992237 BLAKE2B 268eebb98a1ae1acbc9fb3ae4e445b26cfff68d8833285527b86f73d5a076f43fb6840b2aad6ff0e8458b47abbe8a9883c43c8a6b40c65d040b3bff88c6910eb SHA512 f2a4d41941ec223afcb57a6deb6523e0d4f54f96c7362835d366fa04a4b4578f6c4f27aa7774c1ecd40a42087df83e5c03d024e72caba83c558ec7e580c756a1
 DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 BLAKE2B f2209c8b5eb5616a362f2b532245167a5940faad6d66d98a94b3bf2d1e33a73492d42c60a9ddad347a592362a002ff38273a5d1f61f663984a09e14a3fe35e0f SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
 DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 BLAKE2B e4e987a85b2283ba540b4b894382e65dac7fbca23e233b1031b38828908088370cdb1a9bded4d4ee1ceb1c2e1d506dc2b6f4ba5f6ee94248e863def5a1c8dd1a SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614
 DIST ngx_http_auth_pam-1.5.1.tar.gz 6863 BLAKE2B 00807cc3db8f6c007c968b8a30d7f6094b7d9db4eaa60d211fcb3ac60aeb28c5f8193578a7e1ca67acbbf57a319c8442fe44efc1e193927c3bce5961539f9c16 SHA512 973b94874d8a58c0df0ac2d31571eafc1e80b11179cba33ec88421a826207fbf7e99b0387e135a1ca48d82daacb78f19a4c21d3a27b49b16dc86b4748bb72261
 DIST ngx_http_cache_purge-2.3.tar.gz 12248 BLAKE2B f83b267f4c19a9d4af5964522695814c164d200ecd4108bf8f6b5c21388eba8af989bdda646dee18a03174211e8c090a04736bbeb44043cb0e19fbccdc66278e SHA512 50a31dbf2216a6fae74a186af56dec4600cf55777e76a10ac0075f609e7737135aab063a64f2590dddcd0369ebebd4a523027f3d9ebcca74f7b4355be1c5dcc0
-DIST ngx_http_dav_ext-0.0.3.tar.gz 6260 BLAKE2B 065e41a6bfa1d3cc539dc1e6085e1897ff27f54204f6667a57bd3972954993aa5aae7f33a008be6e0b716a1633ec87833cb405be0494210ae819470ff808d01a SHA512 4763b1c5e417248d80acfacf20bfc5ba3e06675ff08e37703867daef99a400980b536941e4955c259432905bd11ab998bc2e2489a50350413c7bf37e18eafb74
 DIST ngx_http_dav_ext-0.1.0.tar.gz 6614 BLAKE2B 3951b573e80e8f02199680fb1ba23baa9ed0845002bf5c78fec291f3a2c01017bcf90f969e924d2e1e03db2aef364af6eaa19398478dfc22fc5bdd57508a9cbd SHA512 47b1686b483640a7fdcbf8081aae2e9f83fb0072ef0940b1cd7f8ddf4932317740b38f0dd4a8f3dd8da074c11c70038ac6758c0feafd3851331acdc85f3e0ee1
-DIST ngx_http_echo-0.60.tar.gz 52771 BLAKE2B b7e138e2244d5a5128f3af27ebc873f0597b10335e2c786efc3a1712f260a653c036421d114774c168b55565f4fc8ff2e5d788dc9a34dc2587343797b2928b80 SHA512 c455bee73cebd0752449472452d15614b9587ddd199263d366484ede890c4d108eacbbeaef31adc9dc7732b56ef2bfc73c0fef3366366db03a8ec3fdc27a985c
 DIST ngx_http_echo-0.61.tar.gz 53155 BLAKE2B 72565b5d79598b5dcd1c10fa0f718e749894ca5f1232d5aae60c61e268b5904af35fdcd35afcf72de93852af9e0ca58805d77cbc37919fba9012158b5545baab SHA512 c90b81a4e85a8e9beeb5ff591dc91adb25fa4e0b6cb47086b577e5fa36db2368442dd011187675e358781956c364b949bc4d920ca2b534481b21c9987d2a9a3b
-DIST ngx_http_fancyindex-0.4.1.tar.gz 21130 BLAKE2B 9b38799e98e18c9ff7fd71c2a6cefccbac6f0e428f965a239de1b5cd64a69224240aa37f7d72157bbb148fe824aaf9c863221d8d6ad1835b76538e2384df16b1 SHA512 ce0043ad4a2b638c5d99244d6caaa65ad142cea78884084a9aeca5a9593c68dbe508c9e4dd85dc5722eb63ef386612bffc48d4b6fc1487df244fbcb7a73bffe1
 DIST ngx_http_fancyindex-0.4.2.tar.gz 22047 BLAKE2B ce2cd4bffd7ec4cd0688ca79002b4cef70bb242a7c10dbc1a590786330eac628ee080b7bf9087a791ccb0e2e097cb1f8ef7d355ededccb323ecd7fa4f2a237d3 SHA512 aee121e4d25872f0eee6c8150c8c732767ab24c61dc4f6e3f86bd6edc53ad715f3c23045362954a1ad2086ff1002bca821b2e9a53b58b077cbda91a95077ef76
 DIST ngx_http_headers_more-0.32.tar.gz 28033 BLAKE2B 51cff34f9a690a3c9a2a05b04084cdd51530b1f41baa1d487bd5bd4349d37a6cc48edffb78466572bee3e42aea10f56e1f8bc47d53a2790023ff831eaa72381f SHA512 e42582b45c3111de3940bbeb67ce161aca2d55adcfb00c61c12256fa0e36221d38723013f36edbcf6d1b520f8dfb49d4657df8a956e66d36e68425afad382bd1
 DIST ngx_http_headers_more-0.33.tar.gz 28130 BLAKE2B fe3097a7700ce5da087058f7bb44c95164b75137031187400473f6833bf0e33e5c4920807225a6ff94174fe7dbd6186cca176a33a629ca0911faab6804bdd12a SHA512 13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37
 DIST ngx_http_lua-0.10.10.tar.gz 611973 BLAKE2B c84d039087973cc6f718fd5cfcb043fd96893d790d2d65b448faf63ad7e3b8713d529c7804a436cc972bcabb9d4d3a8a605fe70a4ccf0a696dfc493656ac513c SHA512 3440e3fe714407f0ff61e0da207669655b443f7b70ef8a91693ea05ed96d8fde349d9c8ea30d5ff53ea3f8e4a5c7d0a2834e136c340b1b1365d62006339a1e4d
 DIST ngx_http_lua-0.10.11.tar.gz 616653 BLAKE2B 6985823752755b78b626f597600adf45592ce4c8dc3a513dd43b9f5152c9746a795faa3714124d74814ad88739dd8889de50e764ad2ea808c48570d1e297aeec SHA512 35e1510c9da71c8bdf028f4ac253404550a83bd904f6c5639697d78c76708625bb6deaa858a7d086b5582f71bb46578e8f804887a46ccfbaf5f4de8510cb1511
-DIST ngx_http_lua-0.10.8.tar.gz 606643 BLAKE2B 15eda2ebc599058ff61cbd3afdee17ce6f30f22ecaefcea6f1545728ccb2422ecdd6128e0860c3225981e9b100c9300b78e86c1a98884f36260628a62af30fd1 SHA512 ad621cec178eb37109f16ebc30dbab7b1ea344ac4b523ff1e6ad62364b8cf437488a89c593ca44b446b729a1c578e3a97685851847b4b16a147ac9eca8f23a2a
 DIST ngx_http_naxsi-0.55.3.tar.gz 187416 BLAKE2B de4b00bcfa3e81b7f339bde9f2517e228d2f914c1ac76babd7db1419168814d30f44623a67c0f79475c232ca456792cbdc8f2b6ef3ebd1524eff3f2acfa87685 SHA512 9e8f41a5cd1342cc9b8aa334a603842d14a256aab1f4a21205bb1278aecbb0c49e39c889d8113a5b41aad2efeaa2ed9f11cba6929173f50add91f54c4c59c8a0
 DIST ngx_http_push_stream-0.5.2.tar.gz 182008 BLAKE2B b53c1269a5b96b35054011879dc2288ec7c9dd3965a1d4cea73fb7804626797b3cf7929ffa00fb0fc7479f5d6a7f8d006dbdde1ffa435f878c7cc9278e6cca00 SHA512 ee8bf9ece652da6aa5a39879298bba70d1842696545259f3f5e302cc61397b35f016364805805f9ab1914fc39ed2f07c015e042155789073e3d1fdc02a0783de
 DIST ngx_http_push_stream-0.5.4.tar.gz 183493 BLAKE2B ccae3113071cee38fa6a7accd580922dc2fc9fa22af737f400c2c5f59352d93ca6cceb47f2aee70dfc111afdf98d27aeb64ddc5a4dbf617359ea4da09486ac7f SHA512 467ae49409adb675979ff591f98df8c96d71ab5ebc2ef9b3c9430e38e7e84d311b4a98c2b1cb1886d895735223dd2a43370aab61b57b34adb1427c184e6b8c86
 DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 BLAKE2B 54ec1bd0d1cc43cdaafc93ebd46b33374c57351c7f022eae0351d6961680abb03d896e7f058e67c43c4fee300253354feccb92d00e62bf91250e251e1860ec03 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d
 DIST ngx_http_upload_progress-0.9.2-r1.tar.gz 17268 BLAKE2B 7bbbf52e326c64a008339d2f80f123630fd314f705224c8f1c7d0c90bb4d31a24aaa95df55c9022838179114a031731a894992960aecc727635e0e2a0761d2c4 SHA512 c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c
-DIST ngx_http_upstream_check-0.3.0-10-gf3bdb7b.tar.gz 129060 BLAKE2B abaec02117c0ad0729e782f34e36a7b5547fffd300312c9fcccb718c3f6d0ff3a566756c21bd68209d102cff0418ca3d1f363c3aa898be0a49e2a003bb6eb1b9 SHA512 5b2ae6d305d24d0c64dc118fd3b0c23f5bf0e9a282e70e8d2c4eb946ed510263b5e845f64ca352784e34708cf9d98804cacf64b6c9efd712a395076dd0ba7c29
 DIST ngx_http_upstream_check-31b1b42873fa56620d8a873ac13f5f26b52d0cd6.tar.gz 130052 BLAKE2B 0ff95fc9780193b514fc7b28f6c5c1a58942cd54472a495a1812a48ef4039390241c20c8a3e8dfd6168e87df3a9e3b37e9c33f11d13bdf5fb0d1f37041fe4ee8 SHA512 e7ea6712c27fd2610e8681b7f687e24c94cd7558d6f19f87568d4c2169115678a61c58b1cd3686a927173b566ff1e10cb1fb767fe63db61f860a77bac9792f9b
 DIST ngx_memc_module-0.18.tar.gz 37113 BLAKE2B e5b89c7c7a3e6f8ee7c1b2623fbec78851a9d7c1c37c1924e8c010b45a4e034afe504a5e228361ad88cf57e83ce06f5f6d635301f8201f1ebd7e99f30447d524 SHA512 8087bd361fb4e522493e66f93d59c9b13245d6eef0fe4a53f619d1826feb02af60769c0a04f87f2faf5308a44b794ef146a445bdbe7cbc7f21c0edaaba08c706
 DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e

diff --git a/www-servers/nginx/nginx-1.12.1.ebuild b/www-servers/nginx/nginx-1.12.1.ebuild
deleted file mode 100644
index 5c7b643f437..00000000000
--- a/www-servers/nginx/nginx-1.12.1.ebuild
+++ /dev/null
@@ -1,1015 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.32"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.1"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.8"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.3"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.0"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.60"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.18"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
-	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
-	upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:mainline"
-DEPEND="${CDEPEND}
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_echo; then
-		cd "${HTTP_ECHO_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_echo-nginx-1.11.11+.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		cd "${HTTP_LUA_MODULE_WD}" || die
-		eapply -p1 "${FILESDIR}"/http_lua_nginx-1.11.11+-r1.patch
-		cd "${S}" || die
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eapply "${FILESDIR}"/http_security-pr_1158.patch
-		eapply "${FILESDIR}"/http_security-pr_1373.patch
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.13.7.ebuild b/www-servers/nginx/nginx-1.13.7.ebuild
deleted file mode 100644
index b0d71137e94..00000000000
--- a/www-servers/nginx/nginx-1.13.7.ebuild
+++ /dev/null
@@ -1,1006 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.2"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.11"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="31b1b42873fa56620d8a873ac13f5f26b52d0cd6"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.3"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.0"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.18"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached mirror proxy
-	referer rewrite scgi ssi split_clients upstream_hash
-	upstream_ip_hash upstream_keepalive upstream_least_conn
-	upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_upstream_check; then
-		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     8d79a14747bb0f671b8e072e3024a53d8bc52bfb
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 20 15:24:19 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Feb 20 15:24:19 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8d79a147

www-servers/nginx: Bump to v1.13.9 mainline

Package-Manager: Portage-2.3.24, Repoman-2.3.6

 www-servers/nginx/Manifest            |    1 +
 www-servers/nginx/nginx-1.13.9.ebuild | 1065 +++++++++++++++++++++++++++++++++
 2 files changed, 1066 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index e2f6fa4a721..8b160e997be 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,7 @@
 DIST modsecurity-2.9.2.tar.gz 4298993 BLAKE2B 32a92148f0e1a1166cf888b8172fc55340c5712c9b770583703c74db450e77226629640c9db03f32e9f28397e6488669d06a89e4d31cb5ab5fff26b30ad843e0 SHA512 69c87ef6f7b6411f4803eb25af32969a1da59722121257c2edf345a3f5a4ab9ae8a49c886cbbfc722c5bda91c6d6ea55232f968c0a0407d7d7b3af53dc862c21
 DIST nginx-1.12.2.tar.gz 981687 BLAKE2B cca2d2b2267fee6feac7e91a5aaec229251e829203b02c207a6a89644fd6b1f2003d75225fadde9fdfc8dda444dc53c7ff0033a1e15a0f25019c878fc716d83f SHA512 3faa2043e237a7e1d15cc5661ac9d002a965220a78c25a863be9f19e01007347e53f776b61c229f6bd3d916cc1ccf92de260811f7b8092ec1b747fba7c0061f7
 DIST nginx-1.13.8.tar.gz 992237 BLAKE2B 268eebb98a1ae1acbc9fb3ae4e445b26cfff68d8833285527b86f73d5a076f43fb6840b2aad6ff0e8458b47abbe8a9883c43c8a6b40c65d040b3bff88c6910eb SHA512 f2a4d41941ec223afcb57a6deb6523e0d4f54f96c7362835d366fa04a4b4578f6c4f27aa7774c1ecd40a42087df83e5c03d024e72caba83c558ec7e580c756a1
+DIST nginx-1.13.9.tar.gz 994802 BLAKE2B 3a34cd87a7bcc51b44787a322569d3d475dc0b4892bf41af16d715c1fd2da544a2536a1e9bbbf37118747bb2d0dca13664fd8288499f9d728d70eb74eed885dc SHA512 92c34c182b59e0597a6b0af996770673b08b075f47285e2fbb9d8df59bb9c38fcca8e77bc6e3ca8e019500d041f96437b6b4f80d5dfd914a6f843ca919dac07b
 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
 DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 BLAKE2B f2209c8b5eb5616a362f2b532245167a5940faad6d66d98a94b3bf2d1e33a73492d42c60a9ddad347a592362a002ff38273a5d1f61f663984a09e14a3fe35e0f SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529

diff --git a/www-servers/nginx/nginx-1.13.9.ebuild b/www-servers/nginx/nginx-1.13.9.ebuild
new file mode 100644
index 00000000000..82920e6b89d
--- /dev/null
+++ b/www-servers/nginx/nginx-1.13.9.ebuild
@@ -0,0 +1,1065 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8cd9dd5fc232d3a01644584921e52dae99034779"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.2"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.11"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.1.15-gentoo"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/Whissi/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.18"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.1.15"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo gzip limit_req limit_conn map memcached mirror proxy
+	referer rewrite scgi ssi split_clients upstream_hash
+	upstream_ip_hash upstream_keepalive upstream_least_conn
+	upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_auth_ldap
+	http_auth_pam
+	http_brotli
+	http_cache_purge
+	http_dav_ext
+	http_echo
+	http_fancyindex
+	http_headers_more
+	http_javascript
+	http_lua
+	http_memc
+	http_metrics
+	http_mogilefs
+	http_naxsi
+	http_push_stream
+	http_security
+	http_slowfs_cache
+	http_sticky
+	http_upload_progress
+	http_upstream_check
+	http_vhost_traffic_status
+	stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_brotli? ( app-arch/brotli:= )
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	nginx_modules_http_brotli? ( virtual/pkgconfig )
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_brotli; then
+		cd "${HTTP_BROTLI_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_brotli-detect-brotli.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+		cd "${NJS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/njs-0.1.15-fix-o3-building.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_vhost_traffic_status; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+	fi
+
+	if use nginx_modules_http_brotli; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_stream_javascript; then
+		stream_enabled=1
+	fi
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     649e666324f0c6de35e1e3afc7f6c202a70e946c
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Apr  3 15:51:16 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Apr  3 15:52:05 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=649e6663

www-servers/nginx: Bump to v1.13.11 mainline

Ebuild changes:
===============
- brotli module updated to commit 6a1174446f5a866d3d13615dd2824177570f0a69.

- nginScript module bumped to v0.2.0.

- Support for EXTRA_ECONF added to allow those who know what they
  are doing to add additional modules for example. [Bug 651164]

Closes: https://bugs.gentoo.org/651164
Package-Manager: Portage-2.3.26, Repoman-2.3.7

 www-servers/nginx/Manifest             |    3 +
 www-servers/nginx/nginx-1.13.11.ebuild | 1064 ++++++++++++++++++++++++++++++++
 2 files changed, 1067 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index f448681de48..9f16c9426ed 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,12 +1,14 @@
 DIST modsecurity-2.9.2.tar.gz 4298993 BLAKE2B 32a92148f0e1a1166cf888b8172fc55340c5712c9b770583703c74db450e77226629640c9db03f32e9f28397e6488669d06a89e4d31cb5ab5fff26b30ad843e0 SHA512 69c87ef6f7b6411f4803eb25af32969a1da59722121257c2edf345a3f5a4ab9ae8a49c886cbbfc722c5bda91c6d6ea55232f968c0a0407d7d7b3af53dc862c21
 DIST nginx-1.12.2.tar.gz 981687 BLAKE2B cca2d2b2267fee6feac7e91a5aaec229251e829203b02c207a6a89644fd6b1f2003d75225fadde9fdfc8dda444dc53c7ff0033a1e15a0f25019c878fc716d83f SHA512 3faa2043e237a7e1d15cc5661ac9d002a965220a78c25a863be9f19e01007347e53f776b61c229f6bd3d916cc1ccf92de260811f7b8092ec1b747fba7c0061f7
 DIST nginx-1.13.10.tar.gz 1014863 BLAKE2B 63034dbcddabef7512aef64c9a0ac88a25d154194b122a48298d72dfb91f40dbbd49f96b9416baec0973fc5c6f7dff1b4b71e835b6ee72a8175da760caf3f69d SHA512 33c894e00a13703db4195bc4a1f8fd512af165d8793ba00a7bf25e0e410136c8b4a94b14a81885be5fa2625626c810802282162c6d7a4f1f251a5ffccab218b3
+DIST nginx-1.13.11.tar.gz 1016189 BLAKE2B e6a42f5558a2cfdf15964a419b768a211436fe69c4f77bbce96ce279fe46ad481a69b35eb573907334b7b164dd9a9e43ce1f84a620a325b71d8901878075ea9f SHA512 ae80317b143d3140eaf3b32c2ac1af4f491ec683b849a9565cd1c23d8d9769f23a2d4db346dea017a555da3e2bd7fa39d2710a287193abc5e2853cbb9dc21e63
 DIST nginx-1.13.8.tar.gz 992237 BLAKE2B 268eebb98a1ae1acbc9fb3ae4e445b26cfff68d8833285527b86f73d5a076f43fb6840b2aad6ff0e8458b47abbe8a9883c43c8a6b40c65d040b3bff88c6910eb SHA512 f2a4d41941ec223afcb57a6deb6523e0d4f54f96c7362835d366fa04a4b4578f6c4f27aa7774c1ecd40a42087df83e5c03d024e72caba83c558ec7e580c756a1
 DIST nginx-1.13.9.tar.gz 994802 BLAKE2B 3a34cd87a7bcc51b44787a322569d3d475dc0b4892bf41af16d715c1fd2da544a2536a1e9bbbf37118747bb2d0dca13664fd8288499f9d728d70eb74eed885dc SHA512 92c34c182b59e0597a6b0af996770673b08b075f47285e2fbb9d8df59bb9c38fcca8e77bc6e3ca8e019500d041f96437b6b4f80d5dfd914a6f843ca919dac07b
 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
 DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 BLAKE2B f2209c8b5eb5616a362f2b532245167a5940faad6d66d98a94b3bf2d1e33a73492d42c60a9ddad347a592362a002ff38273a5d1f61f663984a09e14a3fe35e0f SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
 DIST ngx_brotli-482761e7c0cf3ea4d1540fc9e14c9dedd80d2f7c.tar.gz 10590 BLAKE2B a707353e7f98f06652b89dc00a7ea40f4e52c05f8adfe9dca0d602d52d48a472fee23f079dca73556a26575960e9079d54ab45e13997cdd949f992322200f01c SHA512 480280c464e3cc3523e9b2bf210afd1bf62fa789d0acb7064c80919184bcbb975131f698a1e589b97ce1664f6cc44e6ac5e20a40188020b3558d38005d66287c
+DIST ngx_brotli-6a1174446f5a866d3d13615dd2824177570f0a69.tar.gz 12771 BLAKE2B 84e8bad6d3006dd919778ebbdb85bfe58dd9546533f824697eb3a0a3c560e858aa91c7ab4adcb2fc851aa7cee974086400607d9f9ddea0596b1b19eb87618a39 SHA512 10ce5360cd7a1edd2623918d5b438ef400dc6c2c030c992f200491448e182aedd8ebebc647d333ef22a393bb172f52d9e01f2a1d8d780e849fc3c0971e4130fe
 DIST ngx_brotli-8cd9dd5fc232d3a01644584921e52dae99034779.tar.gz 10585 BLAKE2B d65f068300852b5dbd77184cbcdbd31b14cb30484c5eb8c0d2b757d1d59e97d291b4b06fc11bc861d8796579964c91da2cb359e8fdf75199c655488701619516 SHA512 fa97bea2041d08d3ba07ae1cf6d84c225673b49c9ac8930923997c3ce501358a8bec63e4f3c075e22041f7997b8371a0d1887d73e989b8f27d55a0f72b3ea0f9
 DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 BLAKE2B e4e987a85b2283ba540b4b894382e65dac7fbca23e233b1031b38828908088370cdb1a9bded4d4ee1ceb1c2e1d506dc2b6f4ba5f6ee94248e863def5a1c8dd1a SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614
 DIST ngx_http_auth_pam-1.5.1.tar.gz 6863 BLAKE2B 00807cc3db8f6c007c968b8a30d7f6094b7d9db4eaa60d211fcb3ac60aeb28c5f8193578a7e1ca67acbbf57a319c8442fe44efc1e193927c3bce5961539f9c16 SHA512 973b94874d8a58c0df0ac2d31571eafc1e80b11179cba33ec88421a826207fbf7e99b0387e135a1ca48d82daacb78f19a4c21d3a27b49b16dc86b4748bb72261
@@ -32,3 +34,4 @@ DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4
 DIST ngx_rtmp-1.2.0.tar.gz 519895 BLAKE2B a5a888473dd2ba2320ff74017e8445d96fa3e361acc559edb270ad075c937ab5630e537a67ad8ed134a7ec5809ae63e38791ac25ceab3e26160469be8cc2e82c SHA512 8965d9bee91a46375516ccd012d1c43cd23f15c0630d11ed01472b9a84504574b476f22c5584f43c972a8f923e9ae025b9b60c64aace0ed159c7279bcbd376c8
 DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
 DIST njs-0.1.15.tar.gz 228982 BLAKE2B c880c911c32c7ce7495fcbdc8b003340cd7d4020d7b820275d023729c4367ddea93539978b724d45b965cde44e9c35a4d4dd66138a0765be3b1697fc69abaeb2 SHA512 dd1ff7c95f6a5dd8df2c4b8abc13fc32462d4403d4d4f0e0cf8d4cc16fdd4b97ee563aeee593fcf9e83a463b3131772e8789f015c8ec74b61d90fd4d8699cf2e
+DIST njs-0.2.0.tar.gz 251246 BLAKE2B 76c0be4a98d5782df8d9ecb4b5a6a463a77fd59078f5d25a3763ea5e8633906966fc0a34c98dd9dca2dcc1f54994b0f47d8e80a5903faabbe43865930c2bc267 SHA512 8b1975594f47e49f6d245a99e64e59a3eebf916b9e7e8626e5b1487275688e3dd84691e99ed2207698724dc82d75c54176eb88b9104e847d1cd7db7ead89a391

diff --git a/www-servers/nginx/nginx-1.13.11.ebuild b/www-servers/nginx/nginx-1.13.11.ebuild
new file mode 100644
index 00000000000..bd7a770f74a
--- /dev/null
+++ b/www-servers/nginx/nginx-1.13.11.ebuild
@@ -0,0 +1,1064 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="6a1174446f5a866d3d13615dd2824177570f0a69"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.2"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.11"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.1.15-gentoo"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/Whissi/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.18"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.2.0"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+	proxy referer rewrite scgi ssi split_clients upstream_hash
+	upstream_ip_hash upstream_keepalive upstream_least_conn
+	upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_auth_ldap
+	http_auth_pam
+	http_brotli
+	http_cache_purge
+	http_dav_ext
+	http_echo
+	http_fancyindex
+	http_headers_more
+	http_javascript
+	http_lua
+	http_memc
+	http_metrics
+	http_mogilefs
+	http_naxsi
+	http_push_stream
+	http_security
+	http_slowfs_cache
+	http_sticky
+	http_upload_progress
+	http_upstream_check
+	http_vhost_traffic_status
+	stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_brotli? ( app-arch/brotli:= )
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	nginx_modules_http_brotli? ( virtual/pkgconfig )
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_grpc? ( http2 )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_brotli; then
+		cd "${HTTP_BROTLI_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_brotli-detect-brotli.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_vhost_traffic_status; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+	fi
+
+	if use nginx_modules_http_brotli; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_stream_javascript; then
+		stream_enabled=1
+	fi
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	if [[ -n "${EXTRA_ECONF}" ]]; then
+		myconf+=( ${EXTRA_ECONF} )
+		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     305c7a1680ede160675aee74f83c0448dd28b433
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 10 19:28:48 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Apr 10 19:29:13 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=305c7a16

www-servers/nginx: Bump to v1.13.12 mainline

Package-Manager: Portage-2.3.28, Repoman-2.3.9

 www-servers/nginx/Manifest             |    1 +
 www-servers/nginx/nginx-1.13.12.ebuild | 1064 ++++++++++++++++++++++++++++++++
 2 files changed, 1065 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 9f16c9426ed..83a8156c93b 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,6 +2,7 @@ DIST modsecurity-2.9.2.tar.gz 4298993 BLAKE2B 32a92148f0e1a1166cf888b8172fc55340
 DIST nginx-1.12.2.tar.gz 981687 BLAKE2B cca2d2b2267fee6feac7e91a5aaec229251e829203b02c207a6a89644fd6b1f2003d75225fadde9fdfc8dda444dc53c7ff0033a1e15a0f25019c878fc716d83f SHA512 3faa2043e237a7e1d15cc5661ac9d002a965220a78c25a863be9f19e01007347e53f776b61c229f6bd3d916cc1ccf92de260811f7b8092ec1b747fba7c0061f7
 DIST nginx-1.13.10.tar.gz 1014863 BLAKE2B 63034dbcddabef7512aef64c9a0ac88a25d154194b122a48298d72dfb91f40dbbd49f96b9416baec0973fc5c6f7dff1b4b71e835b6ee72a8175da760caf3f69d SHA512 33c894e00a13703db4195bc4a1f8fd512af165d8793ba00a7bf25e0e410136c8b4a94b14a81885be5fa2625626c810802282162c6d7a4f1f251a5ffccab218b3
 DIST nginx-1.13.11.tar.gz 1016189 BLAKE2B e6a42f5558a2cfdf15964a419b768a211436fe69c4f77bbce96ce279fe46ad481a69b35eb573907334b7b164dd9a9e43ce1f84a620a325b71d8901878075ea9f SHA512 ae80317b143d3140eaf3b32c2ac1af4f491ec683b849a9565cd1c23d8d9769f23a2d4db346dea017a555da3e2bd7fa39d2710a287193abc5e2853cbb9dc21e63
+DIST nginx-1.13.12.tar.gz 1016311 BLAKE2B 8b56e1e13c2598181153b9fe5f5a9ac6349ba1d6c98cfca708cb7ae1d3b6eec92df0132091107bc20c0ae1bec15020957c820f9414890151b4b1830f00af2d40 SHA512 c61668d4999d43ccd5ed8e99bd2f6992190503bb3c4103a22871e346feb8cbd049b04416ca7eb982c122a9a29bb21c6bb9f934411dd80bc02d946105f7917873
 DIST nginx-1.13.8.tar.gz 992237 BLAKE2B 268eebb98a1ae1acbc9fb3ae4e445b26cfff68d8833285527b86f73d5a076f43fb6840b2aad6ff0e8458b47abbe8a9883c43c8a6b40c65d040b3bff88c6910eb SHA512 f2a4d41941ec223afcb57a6deb6523e0d4f54f96c7362835d366fa04a4b4578f6c4f27aa7774c1ecd40a42087df83e5c03d024e72caba83c558ec7e580c756a1
 DIST nginx-1.13.9.tar.gz 994802 BLAKE2B 3a34cd87a7bcc51b44787a322569d3d475dc0b4892bf41af16d715c1fd2da544a2536a1e9bbbf37118747bb2d0dca13664fd8288499f9d728d70eb74eed885dc SHA512 92c34c182b59e0597a6b0af996770673b08b075f47285e2fbb9d8df59bb9c38fcca8e77bc6e3ca8e019500d041f96437b6b4f80d5dfd914a6f843ca919dac07b
 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269

diff --git a/www-servers/nginx/nginx-1.13.12.ebuild b/www-servers/nginx/nginx-1.13.12.ebuild
new file mode 100644
index 00000000000..bd7a770f74a
--- /dev/null
+++ b/www-servers/nginx/nginx-1.13.12.ebuild
@@ -0,0 +1,1064 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="6a1174446f5a866d3d13615dd2824177570f0a69"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.2"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.11"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.1.15-gentoo"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/Whissi/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.18"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.2.0"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+	proxy referer rewrite scgi ssi split_clients upstream_hash
+	upstream_ip_hash upstream_keepalive upstream_least_conn
+	upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_auth_ldap
+	http_auth_pam
+	http_brotli
+	http_cache_purge
+	http_dav_ext
+	http_echo
+	http_fancyindex
+	http_headers_more
+	http_javascript
+	http_lua
+	http_memc
+	http_metrics
+	http_mogilefs
+	http_naxsi
+	http_push_stream
+	http_security
+	http_slowfs_cache
+	http_sticky
+	http_upload_progress
+	http_upstream_check
+	http_vhost_traffic_status
+	stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_brotli? ( app-arch/brotli:= )
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	nginx_modules_http_brotli? ( virtual/pkgconfig )
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_grpc? ( http2 )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_brotli; then
+		cd "${HTTP_BROTLI_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_brotli-detect-brotli.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_vhost_traffic_status; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+	fi
+
+	if use nginx_modules_http_brotli; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_stream_javascript; then
+		stream_enabled=1
+	fi
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	if [[ -n "${EXTRA_ECONF}" ]]; then
+		myconf+=( ${EXTRA_ECONF} )
+		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     32eee023c07eba04089cf2303857d515be688d5e
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 17 16:30:03 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Apr 17 16:36:56 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=32eee023

www-servers/nginx: Bump to v1.14.0 stable

Based on v1.13.12-r1 mainline. See v1.13.x commits for
changes.

Package-Manager: Portage-2.3.28, Repoman-2.3.9

 www-servers/nginx/Manifest            |    1 +
 www-servers/nginx/nginx-1.14.0.ebuild | 1064 +++++++++++++++++++++++++++++++++
 2 files changed, 1065 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index e183788cbf1..4eea681330f 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -5,6 +5,7 @@ DIST nginx-1.13.11.tar.gz 1016189 BLAKE2B e6a42f5558a2cfdf15964a419b768a211436fe
 DIST nginx-1.13.12.tar.gz 1016311 BLAKE2B 8b56e1e13c2598181153b9fe5f5a9ac6349ba1d6c98cfca708cb7ae1d3b6eec92df0132091107bc20c0ae1bec15020957c820f9414890151b4b1830f00af2d40 SHA512 c61668d4999d43ccd5ed8e99bd2f6992190503bb3c4103a22871e346feb8cbd049b04416ca7eb982c122a9a29bb21c6bb9f934411dd80bc02d946105f7917873
 DIST nginx-1.13.8.tar.gz 992237 BLAKE2B 268eebb98a1ae1acbc9fb3ae4e445b26cfff68d8833285527b86f73d5a076f43fb6840b2aad6ff0e8458b47abbe8a9883c43c8a6b40c65d040b3bff88c6910eb SHA512 f2a4d41941ec223afcb57a6deb6523e0d4f54f96c7362835d366fa04a4b4578f6c4f27aa7774c1ecd40a42087df83e5c03d024e72caba83c558ec7e580c756a1
 DIST nginx-1.13.9.tar.gz 994802 BLAKE2B 3a34cd87a7bcc51b44787a322569d3d475dc0b4892bf41af16d715c1fd2da544a2536a1e9bbbf37118747bb2d0dca13664fd8288499f9d728d70eb74eed885dc SHA512 92c34c182b59e0597a6b0af996770673b08b075f47285e2fbb9d8df59bb9c38fcca8e77bc6e3ca8e019500d041f96437b6b4f80d5dfd914a6f843ca919dac07b
+DIST nginx-1.14.0.tar.gz 1016272 BLAKE2B 37d292955dc5f03f6b3b05fd434807ba1033fab73494866e8bacb99df1d595a7665b3722e9bb7227a119cabfea79be08a14e589565cedb78693fc3990cee4466 SHA512 40f086c9f741727e6f55802b6c3a66f081f7c49c38646dc1491aa3e3c35bae12b65ea6594386609fc849bcd99a60d7cd8ecb3f8d519e0e9ab8db01d653e930e9
 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
 DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 BLAKE2B f2209c8b5eb5616a362f2b532245167a5940faad6d66d98a94b3bf2d1e33a73492d42c60a9ddad347a592362a002ff38273a5d1f61f663984a09e14a3fe35e0f SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529

diff --git a/www-servers/nginx/nginx-1.14.0.ebuild b/www-servers/nginx/nginx-1.14.0.ebuild
new file mode 100644
index 00000000000..f4739e7cf1d
--- /dev/null
+++ b/www-servers/nginx/nginx-1.14.0.ebuild
@@ -0,0 +1,1064 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="37ab9b2933a0b756ba3447000b7f31d432ed8228"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.2"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.11"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.1.15-gentoo"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/Whissi/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.18"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.2.0"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+	proxy referer rewrite scgi ssi split_clients upstream_hash
+	upstream_ip_hash upstream_keepalive upstream_least_conn
+	upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_auth_ldap
+	http_auth_pam
+	http_brotli
+	http_cache_purge
+	http_dav_ext
+	http_echo
+	http_fancyindex
+	http_headers_more
+	http_javascript
+	http_lua
+	http_memc
+	http_metrics
+	http_mogilefs
+	http_naxsi
+	http_push_stream
+	http_security
+	http_slowfs_cache
+	http_sticky
+	http_upload_progress
+	http_upstream_check
+	http_vhost_traffic_status
+	stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_brotli? ( app-arch/brotli:= )
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	nginx_modules_http_brotli? ( virtual/pkgconfig )
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_grpc? ( http2 )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_brotli; then
+		cd "${HTTP_BROTLI_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_brotli-detect-brotli-r1.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_vhost_traffic_status; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+	fi
+
+	if use nginx_modules_http_brotli; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_stream_javascript; then
+		stream_enabled=1
+	fi
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	if [[ -n "${EXTRA_ECONF}" ]]; then
+		myconf+=( ${EXTRA_ECONF} )
+		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     071d7cdce4c3fa8f54762b54da941c76bc39bd14
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 17 17:23:48 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Apr 17 17:24:26 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=071d7cdc

www-servers/nginx: Fix self block

Package-Manager: Portage-2.3.28, Repoman-2.3.9

 www-servers/nginx/nginx-1.14.0.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www-servers/nginx/nginx-1.14.0.ebuild b/www-servers/nginx/nginx-1.14.0.ebuild
index f4739e7cf1d..6c27d427217 100644
--- a/www-servers/nginx/nginx-1.14.0.ebuild
+++ b/www-servers/nginx/nginx-1.14.0.ebuild
@@ -313,7 +313,7 @@ CDEPEND="
 	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
 RDEPEND="${CDEPEND}
 	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
+	!www-servers/nginx:mainline"
 DEPEND="${CDEPEND}
 	nginx_modules_http_brotli? ( virtual/pkgconfig )
 	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     50f82e63d1edbb108d6ced5080f325a521d6bae8
Author:     Tomas Mozes <hydrapolic <AT> gmail <DOT> com>
AuthorDate: Tue Jun 19 10:19:17 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Jun 21 14:04:33 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=50f82e63

www-servers/nginx: drop old

Package-Manager: Portage-2.3.40, Repoman-2.3.9

 www-servers/nginx/nginx-1.15.0.ebuild | 1070 ---------------------------------
 1 file changed, 1070 deletions(-)

diff --git a/www-servers/nginx/nginx-1.15.0.ebuild b/www-servers/nginx/nginx-1.15.0.ebuild
deleted file mode 100644
index 7d5c01213da..00000000000
--- a/www-servers/nginx/nginx-1.15.0.ebuild
+++ /dev/null
@@ -1,1070 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="37ab9b2933a0b756ba3447000b7f31d432ed8228"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.2"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.13"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.1.16"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.3"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.1"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
-	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
-	proxy referer rewrite scgi ssi split_clients upstream_hash
-	upstream_ip_hash upstream_keepalive upstream_least_conn
-	upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_auth_ldap
-	http_auth_pam
-	http_brotli
-	http_cache_purge
-	http_dav_ext
-	http_echo
-	http_fancyindex
-	http_headers_more
-	http_javascript
-	http_lua
-	http_memc
-	http_metrics
-	http_mogilefs
-	http_naxsi
-	http_push_stream
-	http_security
-	http_slowfs_cache
-	http_sticky
-	http_upload_progress
-	http_upstream_check
-	http_vhost_traffic_status
-	stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_brotli? ( app-arch/brotli:= )
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	nginx_modules_http_brotli? ( virtual/pkgconfig )
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_grpc? ( http2 )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_brotli; then
-		cd "${HTTP_BROTLI_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_brotli-detect-brotli-r1.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_vhost_traffic_status; then
-		cd "${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_vhost_traffic_status-0.1.15-allow-compilation-without-HTTP-cache.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_vhost_traffic_status; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
-		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
-	fi
-
-	if use nginx_modules_http_brotli; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_stream_javascript; then
-		stream_enabled=1
-	fi
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	if [[ -n "${EXTRA_ECONF}" ]]; then
-		myconf+=( ${EXTRA_ECONF} )
-		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     1b83d2c4a1acd5b9926bf6899447001e95bb3410
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Jun 22 10:05:00 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Jun 22 10:36:48 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1b83d2c4

www-servers/nginx: Update URL to use HTTPS

Package-Manager: Portage-2.3.40, Repoman-2.3.9

 www-servers/nginx/metadata.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www-servers/nginx/metadata.xml b/www-servers/nginx/metadata.xml
index 8315c7922c7..3eb0471b477 100644
--- a/www-servers/nginx/metadata.xml
+++ b/www-servers/nginx/metadata.xml
@@ -21,7 +21,7 @@
     <flag name="rtmp">NGINX-based Media Streaming Server</flag>
   </use>
   <upstream>
-    <changelog>http://nginx.org/en/CHANGES</changelog>
+    <changelog>https://nginx.org/en/CHANGES</changelog>
     <remote-id type="github">openresty/memc-nginx-module</remote-id>
     <remote-id type="bitbucket">nginx-goodies/nginx-sticky-module-ng</remote-id>
   </upstream>

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     8c0aeb860d0f7c3af255abb9705bdfab7c8247d5
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Jun 22 10:35:31 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Jun 22 10:36:50 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c0aeb86

www-servers/nginx: rev bump

- stable slot synchronized with changes from mainline slot:

  - This will add geoip2 support (introduced via commit c020ffdab8)

  - Bump some 3rd party modules (see commit 9484e13a for details)

- HTTP VHost Traffic Status module bumped to v0.1.17

- nginScript module bumped to v0.2.2 [Bug 658736]

- brotli module bumped to v0.1.2

Bug: https://bugs.gentoo.org/658736
Package-Manager: Portage-2.3.40, Repoman-2.3.9

 www-servers/nginx/Manifest                         |  5 ++--
 ...{nginx-1.14.0.ebuild => nginx-1.14.0-r1.ebuild} | 33 ++++++++++++++++------
 ...inx-1.15.0-r1.ebuild => nginx-1.15.0-r2.ebuild} | 16 ++++-------
 3 files changed, 32 insertions(+), 22 deletions(-)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index e6adcc68326..6b64157a4ab 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -6,6 +6,7 @@ DIST nginx-1.15.0.tar.gz 1020675 BLAKE2B b8151877d06f96276fc8186dc8c32b8f1479e27
 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
 DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 BLAKE2B f2209c8b5eb5616a362f2b532245167a5940faad6d66d98a94b3bf2d1e33a73492d42c60a9ddad347a592362a002ff38273a5d1f61f663984a09e14a3fe35e0f SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
+DIST ngx_brotli-0.1.2.tar.gz 12668 BLAKE2B 904d3f28dcf9f2d5a8eefa2ab8ff991e34624897a9932e351ec4cea05f2b0dbee34ea495de2d546510a556fb10041b388be963f28fecfcd7dc8638f950b36fd0 SHA512 661b4ce5cc678600e5df6be7588b0f0d5d914df9a6788c994cebfa25e211720b9e7d2c08fc34eb6a84743ae2929920ebf2888075e122ac23816ab7c0f3ef4b76
 DIST ngx_brotli-37ab9b2933a0b756ba3447000b7f31d432ed8228.tar.gz 12692 BLAKE2B 8b969fcd7daf37d790e81ff6dd4d43a210c9097052cc7a2db9f2aa8ad3115ffe175b0839210c234610e5731be35327eb08eb0eb3f28783d272b172df07259651 SHA512 fb12e4b50b9a472ee2f4fe08ffd86c38072a4c254a4f99627d6f2411f915c139f6e7cfe41f29222bc70b57942cde85d8ef2cd5458638201c751cd4c818d65f10
 DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 BLAKE2B e4e987a85b2283ba540b4b894382e65dac7fbca23e233b1031b38828908088370cdb1a9bded4d4ee1ceb1c2e1d506dc2b6f4ba5f6ee94248e863def5a1c8dd1a SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614
 DIST ngx_http_auth_pam-1.5.1.tar.gz 6863 BLAKE2B 00807cc3db8f6c007c968b8a30d7f6094b7d9db4eaa60d211fcb3ac60aeb28c5f8193578a7e1ca67acbbf57a319c8442fe44efc1e193927c3bce5961539f9c16 SHA512 973b94874d8a58c0df0ac2d31571eafc1e80b11179cba33ec88421a826207fbf7e99b0387e135a1ca48d82daacb78f19a4c21d3a27b49b16dc86b4748bb72261
@@ -27,7 +28,7 @@ DIST ngx_http_upload_progress-0.9.2-r1.tar.gz 17268 BLAKE2B 7bbbf52e326c64a00833
 DIST ngx_http_upstream_check-31b1b42873fa56620d8a873ac13f5f26b52d0cd6.tar.gz 130052 BLAKE2B 0ff95fc9780193b514fc7b28f6c5c1a58942cd54472a495a1812a48ef4039390241c20c8a3e8dfd6168e87df3a9e3b37e9c33f11d13bdf5fb0d1f37041fe4ee8 SHA512 e7ea6712c27fd2610e8681b7f687e24c94cd7558d6f19f87568d4c2169115678a61c58b1cd3686a927173b566ff1e10cb1fb767fe63db61f860a77bac9792f9b
 DIST ngx_http_upstream_check-9aecf15ec379fe98f62355c57b60c0bc83296f04.tar.gz 130073 BLAKE2B 3c93cef79425a46e22ae39adf13d5ebb0e5d36f5d6be8555ec068dd0017918f5355d82fbbe90ba934e58c52e89c2096e24012f75390c7159d1ebacfaaa112308 SHA512 fad2a0d3ac332b6e67c52e3525f6df8a432df3e92bc173190b8107fba7f24476ab9dae4824630299af68c15e856409bd47a3a79fb5b65e03a5133eb90142b8fc
 DIST ngx_http_vhost_traffic_status-0.1.15-gentoo.tar.gz 371234 BLAKE2B 6c164d8c5ee4f3a6729989d9ab2ba874dd5dc285f5c52baf50b05880f184d1ef779f320efa36db8228ab15a8885e972664aee2b1d367279edbf840e41a4c8108 SHA512 63bb0d576fb896526e13fd624eb61b0562756d9aef9124be3d4e845312885838b96d93a4233b15e1b0449714c9689ef1e88b680f23f5d9c909b31026d8c13d08
-DIST ngx_http_vhost_traffic_status-0.1.16.tar.gz 371717 BLAKE2B 0f29f721ca38788343de52c7462efcfe846161ed8dc8433979a1189ad2d11f6917c552a58113de1306ad657d8cb62a22d0a94c053801c2e4becdbcd2f16f1552 SHA512 a85f17bff4e47d6e4e45b9493d759d493a3b4564c76ce7c526ff9afe99d4bd7191cecf17c3bad2bd19cdf5dfa4c4eba21baff8bdbf08550485ee4956963f9e73
+DIST ngx_http_vhost_traffic_status-0.1.17.tar.gz 380239 BLAKE2B ca642825d02a11d289ca45dfc6231e8ddb13d72bce0343beb2e7fea8f255ac30bdc7751ae1c521f42c5de0245ecd0cff31fea050f7c5b4610620e43c6f4250f2 SHA512 cb9abe922b0494c2587e404b0d603a0441a9a328ef5a83b11e0323e8038010e7d69dfa0d9e5c7122d7bd9b6799a684d4d934e5473442f9f41344c8d38d0d6550
 DIST ngx_memc_module-0.18.tar.gz 37113 BLAKE2B e5b89c7c7a3e6f8ee7c1b2623fbec78851a9d7c1c37c1924e8c010b45a4e034afe504a5e228361ad88cf57e83ce06f5f6d635301f8201f1ebd7e99f30447d524 SHA512 8087bd361fb4e522493e66f93d59c9b13245d6eef0fe4a53f619d1826feb02af60769c0a04f87f2faf5308a44b794ef146a445bdbe7cbc7f21c0edaaba08c706
 DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1d9b11885fbce46fbe9fa4df3dce365320b5963c56aecde3b0039d4f9954943d95f25c5f4fada6256861257f82ebbb12 SHA512 a64ec8dffcd011db2cd12b501271bf5c408f2f31fd2bf477b8db4e88adc5bb5732c4c2181ed8378cab6a937869d8f747ef52b22fe256c90df8440b91890edbe7
 DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
@@ -35,4 +36,4 @@ DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4
 DIST ngx_rtmp-1.2.0.tar.gz 519895 BLAKE2B a5a888473dd2ba2320ff74017e8445d96fa3e361acc559edb270ad075c937ab5630e537a67ad8ed134a7ec5809ae63e38791ac25ceab3e26160469be8cc2e82c SHA512 8965d9bee91a46375516ccd012d1c43cd23f15c0630d11ed01472b9a84504574b476f22c5584f43c972a8f923e9ae025b9b60c64aace0ed159c7279bcbd376c8
 DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
 DIST njs-0.2.0.tar.gz 251246 BLAKE2B 76c0be4a98d5782df8d9ecb4b5a6a463a77fd59078f5d25a3763ea5e8633906966fc0a34c98dd9dca2dcc1f54994b0f47d8e80a5903faabbe43865930c2bc267 SHA512 8b1975594f47e49f6d245a99e64e59a3eebf916b9e7e8626e5b1487275688e3dd84691e99ed2207698724dc82d75c54176eb88b9104e847d1cd7db7ead89a391
-DIST njs-0.2.1.tar.gz 252791 BLAKE2B a8507c016cef8481c456e675bd4972a018a049933e5ba2d03027f0c871c264d6848d25a9a715fa4e7920b63bfe86470b4f835790296dba6227aad16b80e5a849 SHA512 b924be63b3d8a996dfd5dd120a3103619c52a9193ca442a21f85f2d5e0a30690fa67401125e775cdf2127f659a61e34b8defe63f7fd33e318cca2a7f99c44154
+DIST njs-0.2.2.tar.gz 253349 BLAKE2B 1ca508677a251ff38f5bca01292f2c7d2c41ac1c5d2cffae8b565694cbed9ebb2811b7e8893ea03384810e169ebb0cccfbf51d36166fcbc32e77fb30ba90d664 SHA512 e309b06b66e955873b82ef6c8881c3a98e0cf22e379b292c7561947db34c28990ade5461f42561e73c79c8e1e7914a990a003926054f884551edc16015ac4792

diff --git a/www-servers/nginx/nginx-1.14.0.ebuild b/www-servers/nginx/nginx-1.14.0-r1.ebuild
similarity index 97%
rename from www-servers/nginx/nginx-1.14.0.ebuild
rename to www-servers/nginx/nginx-1.14.0-r1.ebuild
index 6c27d427217..d680f978495 100644
--- a/www-servers/nginx/nginx-1.14.0.ebuild
+++ b/www-servers/nginx/nginx-1.14.0-r1.ebuild
@@ -23,9 +23,9 @@ DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KI
 DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
 
 # ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="37ab9b2933a0b756ba3447000b7f31d432ed8228"
+HTTP_BROTLI_MODULE_PV="0.1.2"
 HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
 HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
 
 # http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
@@ -59,7 +59,7 @@ HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v
 HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
 
 # http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.11"
+HTTP_LUA_MODULE_PV="0.10.13"
 HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
 HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
 HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
@@ -83,9 +83,9 @@ HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HT
 HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
 
 # http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.1.15-gentoo"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.1.17"
 HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/Whissi/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
 HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
 
 # naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
@@ -138,7 +138,7 @@ HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/ar
 HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
 
 # memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.18"
+HTTP_MEMC_MODULE_PV="0.19"
 HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
 HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
 HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
@@ -149,8 +149,14 @@ HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
 HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
 HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
 
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="2.0"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
 # njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.0"
+NJS_MODULE_PV="0.2.2"
 NJS_MODULE_P="njs-${NJS_MODULE_PV}"
 NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
 NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
@@ -172,6 +178,7 @@ SRC_URI="https://nginx.org/download/${P}.tar.gz
 	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
 	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
 	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
 	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
 	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
 	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
@@ -186,6 +193,7 @@ SRC_URI="https://nginx.org/download/${P}.tar.gz
 	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
 	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
 	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
 	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
 	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
 
@@ -219,6 +227,7 @@ NGINX_MODULES_3RD="
 	http_dav_ext
 	http_echo
 	http_fancyindex
+	http_geoip2
 	http_headers_more
 	http_javascript
 	http_lua
@@ -233,6 +242,7 @@ NGINX_MODULES_3RD="
 	http_upload_progress
 	http_upstream_check
 	http_vhost_traffic_status
+	stream_geoip2
 	stream_javascript
 "
 
@@ -286,6 +296,7 @@ CDEPEND="
 	)
 	nginx_modules_http_brotli? ( app-arch/brotli:= )
 	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
 	nginx_modules_http_gunzip? ( sys-libs/zlib )
 	nginx_modules_http_gzip? ( sys-libs/zlib )
 	nginx_modules_http_gzip_static? ( sys-libs/zlib )
@@ -575,6 +586,10 @@ src_configure() {
 		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
 	fi
 
+	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+	fi
+
 	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
 		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
 	fi
@@ -611,7 +626,7 @@ src_configure() {
 		fi
 	done
 
-	if use nginx_modules_stream_javascript; then
+	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
 		stream_enabled=1
 	fi
 
@@ -838,7 +853,7 @@ pkg_postinst() {
 	if use nginx_modules_http_lua && use http2; then
 		ewarn ""
 		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
 	fi
 
 	local _n_permission_layout_checks=0

diff --git a/www-servers/nginx/nginx-1.15.0-r1.ebuild b/www-servers/nginx/nginx-1.15.0-r2.ebuild
similarity index 98%
rename from www-servers/nginx/nginx-1.15.0-r1.ebuild
rename to www-servers/nginx/nginx-1.15.0-r2.ebuild
index 7283c4caddd..5c4536292af 100644
--- a/www-servers/nginx/nginx-1.15.0-r1.ebuild
+++ b/www-servers/nginx/nginx-1.15.0-r2.ebuild
@@ -23,9 +23,9 @@ DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KI
 DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
 
 # ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="37ab9b2933a0b756ba3447000b7f31d432ed8228"
+HTTP_BROTLI_MODULE_PV="0.1.2"
 HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
 HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
 
 # http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
@@ -83,7 +83,7 @@ HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HT
 HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
 
 # http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.1.16"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.1.17"
 HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
 HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
 HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
@@ -156,7 +156,7 @@ GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOI
 GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
 
 # njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.1"
+NJS_MODULE_PV="0.2.2"
 NJS_MODULE_P="njs-${NJS_MODULE_PV}"
 NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
 NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
@@ -415,12 +415,6 @@ src_prepare() {
 		cd "${S}" || die
 	fi
 
-	if use nginx_modules_http_vhost_traffic_status; then
-		cd "${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_vhost_traffic_status-0.1.15-allow-compilation-without-HTTP-cache.patch
-		cd "${S}" || die
-	fi
-
 	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
 	# We have config protection, don't rename etc files
 	sed -i 's:.default::' auto/install || die
@@ -859,7 +853,7 @@ pkg_postinst() {
 	if use nginx_modules_http_lua && use http2; then
 		ewarn ""
 		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
 	fi
 
 	local _n_permission_layout_checks=0

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     91cef7605d8d9002b5430c365f46e3adf9823819
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Jul  3 15:56:34 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Jul  3 15:56:34 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=91cef760

www-servers/nginx: bump to v1.15.1 mainline

- HTTP Fancy Index module bumpe to v0.4.3

- HTTP VHost Traffic Status module bumped to v0.1.18

- HTTP NAXSI module bumped to v0.56

Package-Manager: Portage-2.3.40, Repoman-2.3.9

 www-servers/nginx/Manifest            |    4 +
 www-servers/nginx/nginx-1.15.1.ebuild | 1079 +++++++++++++++++++++++++++++++++
 2 files changed, 1083 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 613d35ccc7a..42ec7cd0f6c 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,6 +2,7 @@ DIST modsecurity-2.9.2.tar.gz 4298993 BLAKE2B 32a92148f0e1a1166cf888b8172fc55340
 DIST nginx-1.12.2.tar.gz 981687 BLAKE2B cca2d2b2267fee6feac7e91a5aaec229251e829203b02c207a6a89644fd6b1f2003d75225fadde9fdfc8dda444dc53c7ff0033a1e15a0f25019c878fc716d83f SHA512 3faa2043e237a7e1d15cc5661ac9d002a965220a78c25a863be9f19e01007347e53f776b61c229f6bd3d916cc1ccf92de260811f7b8092ec1b747fba7c0061f7
 DIST nginx-1.14.0.tar.gz 1016272 BLAKE2B 37d292955dc5f03f6b3b05fd434807ba1033fab73494866e8bacb99df1d595a7665b3722e9bb7227a119cabfea79be08a14e589565cedb78693fc3990cee4466 SHA512 40f086c9f741727e6f55802b6c3a66f081f7c49c38646dc1491aa3e3c35bae12b65ea6594386609fc849bcd99a60d7cd8ecb3f8d519e0e9ab8db01d653e930e9
 DIST nginx-1.15.0.tar.gz 1020675 BLAKE2B b8151877d06f96276fc8186dc8c32b8f1479e27c7f6bdba9158b1d945661891e14c39d2ab3ff8991b3906c5fffe721ab4014d709895a6e3f5bc22b687ea3c536 SHA512 7dbdf437d8d546059a8a03aa9c8d2be98dba7306e2daa49611c16f1e56413a25d4c622da13a815e8075a10f4a0cd744167deaeb971c0a69189940a7a05fa32df
+DIST nginx-1.15.1.tar.gz 1024086 BLAKE2B 411f566f53fcae62a8b539ac3809d75dc7eaae763c757818931a666e9ed9d2f2b266a7691f58d2ab62bb97d930dfc40f2dc96d199d9a066329ccbcd82d4d2200 SHA512 bdb15791cd599d72a93d85772f8d35d83a76bab10fdfd76929173f81ed1dbad125addc305a6308c0f3d71efb836bc715acf48940047ec17fd48cf37e05b56d17
 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
 DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 BLAKE2B f2209c8b5eb5616a362f2b532245167a5940faad6d66d98a94b3bf2d1e33a73492d42c60a9ddad347a592362a002ff38273a5d1f61f663984a09e14a3fe35e0f SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
@@ -12,12 +13,14 @@ DIST ngx_http_cache_purge-2.3.tar.gz 12248 BLAKE2B f83b267f4c19a9d4af59645226958
 DIST ngx_http_dav_ext-0.1.0.tar.gz 6614 BLAKE2B 3951b573e80e8f02199680fb1ba23baa9ed0845002bf5c78fec291f3a2c01017bcf90f969e924d2e1e03db2aef364af6eaa19398478dfc22fc5bdd57508a9cbd SHA512 47b1686b483640a7fdcbf8081aae2e9f83fb0072ef0940b1cd7f8ddf4932317740b38f0dd4a8f3dd8da074c11c70038ac6758c0feafd3851331acdc85f3e0ee1
 DIST ngx_http_echo-0.61.tar.gz 53155 BLAKE2B 72565b5d79598b5dcd1c10fa0f718e749894ca5f1232d5aae60c61e268b5904af35fdcd35afcf72de93852af9e0ca58805d77cbc37919fba9012158b5545baab SHA512 c90b81a4e85a8e9beeb5ff591dc91adb25fa4e0b6cb47086b577e5fa36db2368442dd011187675e358781956c364b949bc4d920ca2b534481b21c9987d2a9a3b
 DIST ngx_http_fancyindex-0.4.2.tar.gz 22047 BLAKE2B ce2cd4bffd7ec4cd0688ca79002b4cef70bb242a7c10dbc1a590786330eac628ee080b7bf9087a791ccb0e2e097cb1f8ef7d355ededccb323ecd7fa4f2a237d3 SHA512 aee121e4d25872f0eee6c8150c8c732767ab24c61dc4f6e3f86bd6edc53ad715f3c23045362954a1ad2086ff1002bca821b2e9a53b58b077cbda91a95077ef76
+DIST ngx_http_fancyindex-0.4.3.tar.gz 25274 BLAKE2B 5ce3102326f6b8cc2b333ed08f7a66476842d2c70089175e577a3ba958317ed702f24ece002506007eb45e9e50b8f6ecb137cde222566308986cba2682b70f7d SHA512 fe5f6afc29c99f66151c1a06e27b5749b0a16227638583d9c961adc94b2942b981184382f95e70d927f00b09b43f597b963a85a41bde5903b10e42f86bc321f1
 DIST ngx_http_geoip2_module-2.0.tar.gz 6766 BLAKE2B 338c9503530ebba6076a2222fe9d164fdfe39ac603c4ecc7ad5b5d1482c1e21d0f1bc52be585d6a88968b29edfd8b1b63ce572e9ee8d8efb4d88889ef4cbb65b SHA512 32a23ba20e4ef3885b09baf938ef57405a6f23e86a7dbecbe5285be74c0433fc33eee70742113706e66ee105909deb1ec844ce36a6f33108597f736341d8c230
 DIST ngx_http_headers_more-0.32.tar.gz 28033 BLAKE2B 51cff34f9a690a3c9a2a05b04084cdd51530b1f41baa1d487bd5bd4349d37a6cc48edffb78466572bee3e42aea10f56e1f8bc47d53a2790023ff831eaa72381f SHA512 e42582b45c3111de3940bbeb67ce161aca2d55adcfb00c61c12256fa0e36221d38723013f36edbcf6d1b520f8dfb49d4657df8a956e66d36e68425afad382bd1
 DIST ngx_http_headers_more-0.33.tar.gz 28130 BLAKE2B fe3097a7700ce5da087058f7bb44c95164b75137031187400473f6833bf0e33e5c4920807225a6ff94174fe7dbd6186cca176a33a629ca0911faab6804bdd12a SHA512 13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37
 DIST ngx_http_lua-0.10.10.tar.gz 611973 BLAKE2B c84d039087973cc6f718fd5cfcb043fd96893d790d2d65b448faf63ad7e3b8713d529c7804a436cc972bcabb9d4d3a8a605fe70a4ccf0a696dfc493656ac513c SHA512 3440e3fe714407f0ff61e0da207669655b443f7b70ef8a91693ea05ed96d8fde349d9c8ea30d5ff53ea3f8e4a5c7d0a2834e136c340b1b1365d62006339a1e4d
 DIST ngx_http_lua-0.10.13.tar.gz 624102 BLAKE2B 009506e4cd505a2e383e2c6344b62b541b3bbb28410d4ae2e88139227e22e19dd14372a902f172fadaf82a76c5875936caff4a8c98ff740456488e5ac6ff8c53 SHA512 8c316b9d12dc35779fcddc6bb90942c096f19fd8c2e090b8397e1e1ca6f0ebd7a4edddc03fddb31310147ba4e9db9fc4b3749cfd2323046d88045b3b3333f07d
 DIST ngx_http_naxsi-0.55.3.tar.gz 187416 BLAKE2B de4b00bcfa3e81b7f339bde9f2517e228d2f914c1ac76babd7db1419168814d30f44623a67c0f79475c232ca456792cbdc8f2b6ef3ebd1524eff3f2acfa87685 SHA512 9e8f41a5cd1342cc9b8aa334a603842d14a256aab1f4a21205bb1278aecbb0c49e39c889d8113a5b41aad2efeaa2ed9f11cba6929173f50add91f54c4c59c8a0
+DIST ngx_http_naxsi-0.56.tar.gz 192120 BLAKE2B cdbfc278f346ccdc0d5407d70ddd4740816d9fe786d3d65189d47e6f3b030c02352a30ed86bf1650139a21a8408e74c1ec7d7aa3512df1428870279ab384dd15 SHA512 4660751849bce303af6010b7257532404710106a94817e78d4bc4b566f8019620f24f30207f1d4366b88132a5124e34b164dc67ed80b6710f4bad66115564cbd
 DIST ngx_http_push_stream-0.5.2.tar.gz 182008 BLAKE2B b53c1269a5b96b35054011879dc2288ec7c9dd3965a1d4cea73fb7804626797b3cf7929ffa00fb0fc7479f5d6a7f8d006dbdde1ffa435f878c7cc9278e6cca00 SHA512 ee8bf9ece652da6aa5a39879298bba70d1842696545259f3f5e302cc61397b35f016364805805f9ab1914fc39ed2f07c015e042155789073e3d1fdc02a0783de
 DIST ngx_http_push_stream-0.5.4.tar.gz 183493 BLAKE2B ccae3113071cee38fa6a7accd580922dc2fc9fa22af737f400c2c5f59352d93ca6cceb47f2aee70dfc111afdf98d27aeb64ddc5a4dbf617359ea4da09486ac7f SHA512 467ae49409adb675979ff591f98df8c96d71ab5ebc2ef9b3c9430e38e7e84d311b4a98c2b1cb1886d895735223dd2a43370aab61b57b34adb1427c184e6b8c86
 DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 BLAKE2B 54ec1bd0d1cc43cdaafc93ebd46b33374c57351c7f022eae0351d6961680abb03d896e7f058e67c43c4fee300253354feccb92d00e62bf91250e251e1860ec03 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d
@@ -25,6 +28,7 @@ DIST ngx_http_upload_progress-0.9.2-r1.tar.gz 17268 BLAKE2B 7bbbf52e326c64a00833
 DIST ngx_http_upstream_check-31b1b42873fa56620d8a873ac13f5f26b52d0cd6.tar.gz 130052 BLAKE2B 0ff95fc9780193b514fc7b28f6c5c1a58942cd54472a495a1812a48ef4039390241c20c8a3e8dfd6168e87df3a9e3b37e9c33f11d13bdf5fb0d1f37041fe4ee8 SHA512 e7ea6712c27fd2610e8681b7f687e24c94cd7558d6f19f87568d4c2169115678a61c58b1cd3686a927173b566ff1e10cb1fb767fe63db61f860a77bac9792f9b
 DIST ngx_http_upstream_check-9aecf15ec379fe98f62355c57b60c0bc83296f04.tar.gz 130073 BLAKE2B 3c93cef79425a46e22ae39adf13d5ebb0e5d36f5d6be8555ec068dd0017918f5355d82fbbe90ba934e58c52e89c2096e24012f75390c7159d1ebacfaaa112308 SHA512 fad2a0d3ac332b6e67c52e3525f6df8a432df3e92bc173190b8107fba7f24476ab9dae4824630299af68c15e856409bd47a3a79fb5b65e03a5133eb90142b8fc
 DIST ngx_http_vhost_traffic_status-0.1.17.tar.gz 380239 BLAKE2B ca642825d02a11d289ca45dfc6231e8ddb13d72bce0343beb2e7fea8f255ac30bdc7751ae1c521f42c5de0245ecd0cff31fea050f7c5b4610620e43c6f4250f2 SHA512 cb9abe922b0494c2587e404b0d603a0441a9a328ef5a83b11e0323e8038010e7d69dfa0d9e5c7122d7bd9b6799a684d4d934e5473442f9f41344c8d38d0d6550
+DIST ngx_http_vhost_traffic_status-0.1.18.tar.gz 380327 BLAKE2B 700f48ec3ae7b38d4498b1ca6f7e08069befb4b76a20cc0619d16e613c1efb387eace906901fcb098159bc20acfc8723d98aec690e11deaff949f5612dd414f9 SHA512 86b980095b3b80c8dce2e355db514cb4b3039c8408a2f5ca6df9e105d5462952fddd70f6581ec6aa2763e560b591664c27eefd978c4ea777b1f1f808bc60d4ec
 DIST ngx_memc_module-0.18.tar.gz 37113 BLAKE2B e5b89c7c7a3e6f8ee7c1b2623fbec78851a9d7c1c37c1924e8c010b45a4e034afe504a5e228361ad88cf57e83ce06f5f6d635301f8201f1ebd7e99f30447d524 SHA512 8087bd361fb4e522493e66f93d59c9b13245d6eef0fe4a53f619d1826feb02af60769c0a04f87f2faf5308a44b794ef146a445bdbe7cbc7f21c0edaaba08c706
 DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1d9b11885fbce46fbe9fa4df3dce365320b5963c56aecde3b0039d4f9954943d95f25c5f4fada6256861257f82ebbb12 SHA512 a64ec8dffcd011db2cd12b501271bf5c408f2f31fd2bf477b8db4e88adc5bb5732c4c2181ed8378cab6a937869d8f747ef52b22fe256c90df8440b91890edbe7
 DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e

diff --git a/www-servers/nginx/nginx-1.15.1.ebuild b/www-servers/nginx/nginx-1.15.1.ebuild
new file mode 100644
index 00000000000..4d922841b29
--- /dev/null
+++ b/www-servers/nginx/nginx-1.15.1.ebuild
@@ -0,0 +1,1079 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="0.1.2"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.13"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.1.18"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="2.0"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.2.2"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+	proxy referer rewrite scgi ssi split_clients upstream_hash
+	upstream_ip_hash upstream_keepalive upstream_least_conn
+	upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_auth_ldap
+	http_auth_pam
+	http_brotli
+	http_cache_purge
+	http_dav_ext
+	http_echo
+	http_fancyindex
+	http_geoip2
+	http_headers_more
+	http_javascript
+	http_lua
+	http_memc
+	http_metrics
+	http_mogilefs
+	http_naxsi
+	http_push_stream
+	http_security
+	http_slowfs_cache
+	http_sticky
+	http_upload_progress
+	http_upstream_check
+	http_vhost_traffic_status
+	stream_geoip2
+	stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_brotli? ( app-arch/brotli:= )
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	nginx_modules_http_brotli? ( virtual/pkgconfig )
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_grpc? ( http2 )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_brotli; then
+		cd "${HTTP_BROTLI_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_brotli-detect-brotli-r1.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_vhost_traffic_status; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+	fi
+
+	if use nginx_modules_http_brotli; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+		stream_enabled=1
+	fi
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	if [[ -n "${EXTRA_ECONF}" ]]; then
+		myconf+=( ${EXTRA_ECONF} )
+		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     56b9da6fdd8c262569f0f502498c8251137abc6f
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Jul  3 15:59:48 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Jul  3 15:59:48 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=56b9da6f

www-servers/nginx: rev bump to bump 3rd party modules

- HTTP Fancy Index module bumpe to v0.4.3

- HTTP VHost Traffic Status module bumped to v0.1.18

- HTTP NAXSI module bumped to v0.56

Package-Manager: Portage-2.3.40, Repoman-2.3.9

 .../nginx/{nginx-1.14.0-r1.ebuild => nginx-1.14.0-r2.ebuild}        | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/www-servers/nginx/nginx-1.14.0-r1.ebuild b/www-servers/nginx/nginx-1.14.0-r2.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.14.0-r1.ebuild
rename to www-servers/nginx/nginx-1.14.0-r2.ebuild
index d680f978495..7ff15247d15 100644
--- a/www-servers/nginx/nginx-1.14.0-r1.ebuild
+++ b/www-servers/nginx/nginx-1.14.0-r2.ebuild
@@ -53,7 +53,7 @@ HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${H
 HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
 
 # http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.2"
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
 HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
 HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
 HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
@@ -83,13 +83,13 @@ HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HT
 HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
 
 # http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.1.17"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.1.18"
 HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
 HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
 HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
 
 # naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_PV="0.56"
 HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
 HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
 HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     8cf811287d24ae826093d327defff22e11dcf9cb
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Jul  4 03:13:02 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Jul  4 03:13:02 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8cf81128

www-servers/nginx: x86 stable (bug #660254)

Package-Manager: Portage-2.3.40, Repoman-2.3.9

 www-servers/nginx/nginx-1.14.0-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www-servers/nginx/nginx-1.14.0-r2.ebuild b/www-servers/nginx/nginx-1.14.0-r2.ebuild
index 7ff15247d15..e5f31a751e8 100644
--- a/www-servers/nginx/nginx-1.14.0-r2.ebuild
+++ b/www-servers/nginx/nginx-1.14.0-r2.ebuild
@@ -202,7 +202,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
 	nginx_modules_http_push_stream? ( GPL-3 )"
 
 SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd ~amd64-linux ~x86-linux"
 
 # Package doesn't provide a real test suite
 RESTRICT="test"

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Mikle Kolyada]

commit:     6605352002baeffac513142ea274935bccb191bf
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Mon Jul  9 00:25:37 2018 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Mon Jul  9 00:25:37 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=66053520

www-servers/nginx: amd64 stable wrt bug #660254

Package-Manager: Portage-2.3.40, Repoman-2.3.9

 www-servers/nginx/nginx-1.14.0-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www-servers/nginx/nginx-1.14.0-r2.ebuild b/www-servers/nginx/nginx-1.14.0-r2.ebuild
index e5f31a751e8..a4c3f22ec71 100644
--- a/www-servers/nginx/nginx-1.14.0-r2.ebuild
+++ b/www-servers/nginx/nginx-1.14.0-r2.ebuild
@@ -202,7 +202,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
 	nginx_modules_http_push_stream? ( GPL-3 )"
 
 SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd ~amd64-linux ~x86-linux"
 
 # Package doesn't provide a real test suite
 RESTRICT="test"

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     736ff5f15457d4127770eb388908683a1600ae96
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Jul 20 19:43:34 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Jul 20 19:44:08 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=736ff5f1

www-servers/nginx: drop old

Package-Manager: Portage-2.3.43, Repoman-2.3.10

 www-servers/nginx/Manifest               |   12 -
 www-servers/nginx/nginx-1.12.2-r1.ebuild | 1005 ----------------------------
 www-servers/nginx/nginx-1.15.0-r2.ebuild | 1079 ------------------------------
 3 files changed, 2096 deletions(-)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 42ec7cd0f6c..83bf18b4d20 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,10 +1,7 @@
 DIST modsecurity-2.9.2.tar.gz 4298993 BLAKE2B 32a92148f0e1a1166cf888b8172fc55340c5712c9b770583703c74db450e77226629640c9db03f32e9f28397e6488669d06a89e4d31cb5ab5fff26b30ad843e0 SHA512 69c87ef6f7b6411f4803eb25af32969a1da59722121257c2edf345a3f5a4ab9ae8a49c886cbbfc722c5bda91c6d6ea55232f968c0a0407d7d7b3af53dc862c21
-DIST nginx-1.12.2.tar.gz 981687 BLAKE2B cca2d2b2267fee6feac7e91a5aaec229251e829203b02c207a6a89644fd6b1f2003d75225fadde9fdfc8dda444dc53c7ff0033a1e15a0f25019c878fc716d83f SHA512 3faa2043e237a7e1d15cc5661ac9d002a965220a78c25a863be9f19e01007347e53f776b61c229f6bd3d916cc1ccf92de260811f7b8092ec1b747fba7c0061f7
 DIST nginx-1.14.0.tar.gz 1016272 BLAKE2B 37d292955dc5f03f6b3b05fd434807ba1033fab73494866e8bacb99df1d595a7665b3722e9bb7227a119cabfea79be08a14e589565cedb78693fc3990cee4466 SHA512 40f086c9f741727e6f55802b6c3a66f081f7c49c38646dc1491aa3e3c35bae12b65ea6594386609fc849bcd99a60d7cd8ecb3f8d519e0e9ab8db01d653e930e9
-DIST nginx-1.15.0.tar.gz 1020675 BLAKE2B b8151877d06f96276fc8186dc8c32b8f1479e27c7f6bdba9158b1d945661891e14c39d2ab3ff8991b3906c5fffe721ab4014d709895a6e3f5bc22b687ea3c536 SHA512 7dbdf437d8d546059a8a03aa9c8d2be98dba7306e2daa49611c16f1e56413a25d4c622da13a815e8075a10f4a0cd744167deaeb971c0a69189940a7a05fa32df
 DIST nginx-1.15.1.tar.gz 1024086 BLAKE2B 411f566f53fcae62a8b539ac3809d75dc7eaae763c757818931a666e9ed9d2f2b266a7691f58d2ab62bb97d930dfc40f2dc96d199d9a066329ccbcd82d4d2200 SHA512 bdb15791cd599d72a93d85772f8d35d83a76bab10fdfd76929173f81ed1dbad125addc305a6308c0f3d71efb836bc715acf48940047ec17fd48cf37e05b56d17
 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
-DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 BLAKE2B f2209c8b5eb5616a362f2b532245167a5940faad6d66d98a94b3bf2d1e33a73492d42c60a9ddad347a592362a002ff38273a5d1f61f663984a09e14a3fe35e0f SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
 DIST ngx_brotli-0.1.2.tar.gz 12668 BLAKE2B 904d3f28dcf9f2d5a8eefa2ab8ff991e34624897a9932e351ec4cea05f2b0dbee34ea495de2d546510a556fb10041b388be963f28fecfcd7dc8638f950b36fd0 SHA512 661b4ce5cc678600e5df6be7588b0f0d5d914df9a6788c994cebfa25e211720b9e7d2c08fc34eb6a84743ae2929920ebf2888075e122ac23816ab7c0f3ef4b76
 DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 BLAKE2B e4e987a85b2283ba540b4b894382e65dac7fbca23e233b1031b38828908088370cdb1a9bded4d4ee1ceb1c2e1d506dc2b6f4ba5f6ee94248e863def5a1c8dd1a SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614
@@ -12,27 +9,18 @@ DIST ngx_http_auth_pam-1.5.1.tar.gz 6863 BLAKE2B 00807cc3db8f6c007c968b8a30d7f60
 DIST ngx_http_cache_purge-2.3.tar.gz 12248 BLAKE2B f83b267f4c19a9d4af5964522695814c164d200ecd4108bf8f6b5c21388eba8af989bdda646dee18a03174211e8c090a04736bbeb44043cb0e19fbccdc66278e SHA512 50a31dbf2216a6fae74a186af56dec4600cf55777e76a10ac0075f609e7737135aab063a64f2590dddcd0369ebebd4a523027f3d9ebcca74f7b4355be1c5dcc0
 DIST ngx_http_dav_ext-0.1.0.tar.gz 6614 BLAKE2B 3951b573e80e8f02199680fb1ba23baa9ed0845002bf5c78fec291f3a2c01017bcf90f969e924d2e1e03db2aef364af6eaa19398478dfc22fc5bdd57508a9cbd SHA512 47b1686b483640a7fdcbf8081aae2e9f83fb0072ef0940b1cd7f8ddf4932317740b38f0dd4a8f3dd8da074c11c70038ac6758c0feafd3851331acdc85f3e0ee1
 DIST ngx_http_echo-0.61.tar.gz 53155 BLAKE2B 72565b5d79598b5dcd1c10fa0f718e749894ca5f1232d5aae60c61e268b5904af35fdcd35afcf72de93852af9e0ca58805d77cbc37919fba9012158b5545baab SHA512 c90b81a4e85a8e9beeb5ff591dc91adb25fa4e0b6cb47086b577e5fa36db2368442dd011187675e358781956c364b949bc4d920ca2b534481b21c9987d2a9a3b
-DIST ngx_http_fancyindex-0.4.2.tar.gz 22047 BLAKE2B ce2cd4bffd7ec4cd0688ca79002b4cef70bb242a7c10dbc1a590786330eac628ee080b7bf9087a791ccb0e2e097cb1f8ef7d355ededccb323ecd7fa4f2a237d3 SHA512 aee121e4d25872f0eee6c8150c8c732767ab24c61dc4f6e3f86bd6edc53ad715f3c23045362954a1ad2086ff1002bca821b2e9a53b58b077cbda91a95077ef76
 DIST ngx_http_fancyindex-0.4.3.tar.gz 25274 BLAKE2B 5ce3102326f6b8cc2b333ed08f7a66476842d2c70089175e577a3ba958317ed702f24ece002506007eb45e9e50b8f6ecb137cde222566308986cba2682b70f7d SHA512 fe5f6afc29c99f66151c1a06e27b5749b0a16227638583d9c961adc94b2942b981184382f95e70d927f00b09b43f597b963a85a41bde5903b10e42f86bc321f1
 DIST ngx_http_geoip2_module-2.0.tar.gz 6766 BLAKE2B 338c9503530ebba6076a2222fe9d164fdfe39ac603c4ecc7ad5b5d1482c1e21d0f1bc52be585d6a88968b29edfd8b1b63ce572e9ee8d8efb4d88889ef4cbb65b SHA512 32a23ba20e4ef3885b09baf938ef57405a6f23e86a7dbecbe5285be74c0433fc33eee70742113706e66ee105909deb1ec844ce36a6f33108597f736341d8c230
-DIST ngx_http_headers_more-0.32.tar.gz 28033 BLAKE2B 51cff34f9a690a3c9a2a05b04084cdd51530b1f41baa1d487bd5bd4349d37a6cc48edffb78466572bee3e42aea10f56e1f8bc47d53a2790023ff831eaa72381f SHA512 e42582b45c3111de3940bbeb67ce161aca2d55adcfb00c61c12256fa0e36221d38723013f36edbcf6d1b520f8dfb49d4657df8a956e66d36e68425afad382bd1
 DIST ngx_http_headers_more-0.33.tar.gz 28130 BLAKE2B fe3097a7700ce5da087058f7bb44c95164b75137031187400473f6833bf0e33e5c4920807225a6ff94174fe7dbd6186cca176a33a629ca0911faab6804bdd12a SHA512 13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37
-DIST ngx_http_lua-0.10.10.tar.gz 611973 BLAKE2B c84d039087973cc6f718fd5cfcb043fd96893d790d2d65b448faf63ad7e3b8713d529c7804a436cc972bcabb9d4d3a8a605fe70a4ccf0a696dfc493656ac513c SHA512 3440e3fe714407f0ff61e0da207669655b443f7b70ef8a91693ea05ed96d8fde349d9c8ea30d5ff53ea3f8e4a5c7d0a2834e136c340b1b1365d62006339a1e4d
 DIST ngx_http_lua-0.10.13.tar.gz 624102 BLAKE2B 009506e4cd505a2e383e2c6344b62b541b3bbb28410d4ae2e88139227e22e19dd14372a902f172fadaf82a76c5875936caff4a8c98ff740456488e5ac6ff8c53 SHA512 8c316b9d12dc35779fcddc6bb90942c096f19fd8c2e090b8397e1e1ca6f0ebd7a4edddc03fddb31310147ba4e9db9fc4b3749cfd2323046d88045b3b3333f07d
-DIST ngx_http_naxsi-0.55.3.tar.gz 187416 BLAKE2B de4b00bcfa3e81b7f339bde9f2517e228d2f914c1ac76babd7db1419168814d30f44623a67c0f79475c232ca456792cbdc8f2b6ef3ebd1524eff3f2acfa87685 SHA512 9e8f41a5cd1342cc9b8aa334a603842d14a256aab1f4a21205bb1278aecbb0c49e39c889d8113a5b41aad2efeaa2ed9f11cba6929173f50add91f54c4c59c8a0
 DIST ngx_http_naxsi-0.56.tar.gz 192120 BLAKE2B cdbfc278f346ccdc0d5407d70ddd4740816d9fe786d3d65189d47e6f3b030c02352a30ed86bf1650139a21a8408e74c1ec7d7aa3512df1428870279ab384dd15 SHA512 4660751849bce303af6010b7257532404710106a94817e78d4bc4b566f8019620f24f30207f1d4366b88132a5124e34b164dc67ed80b6710f4bad66115564cbd
-DIST ngx_http_push_stream-0.5.2.tar.gz 182008 BLAKE2B b53c1269a5b96b35054011879dc2288ec7c9dd3965a1d4cea73fb7804626797b3cf7929ffa00fb0fc7479f5d6a7f8d006dbdde1ffa435f878c7cc9278e6cca00 SHA512 ee8bf9ece652da6aa5a39879298bba70d1842696545259f3f5e302cc61397b35f016364805805f9ab1914fc39ed2f07c015e042155789073e3d1fdc02a0783de
 DIST ngx_http_push_stream-0.5.4.tar.gz 183493 BLAKE2B ccae3113071cee38fa6a7accd580922dc2fc9fa22af737f400c2c5f59352d93ca6cceb47f2aee70dfc111afdf98d27aeb64ddc5a4dbf617359ea4da09486ac7f SHA512 467ae49409adb675979ff591f98df8c96d71ab5ebc2ef9b3c9430e38e7e84d311b4a98c2b1cb1886d895735223dd2a43370aab61b57b34adb1427c184e6b8c86
 DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 BLAKE2B 54ec1bd0d1cc43cdaafc93ebd46b33374c57351c7f022eae0351d6961680abb03d896e7f058e67c43c4fee300253354feccb92d00e62bf91250e251e1860ec03 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d
 DIST ngx_http_upload_progress-0.9.2-r1.tar.gz 17268 BLAKE2B 7bbbf52e326c64a008339d2f80f123630fd314f705224c8f1c7d0c90bb4d31a24aaa95df55c9022838179114a031731a894992960aecc727635e0e2a0761d2c4 SHA512 c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c
-DIST ngx_http_upstream_check-31b1b42873fa56620d8a873ac13f5f26b52d0cd6.tar.gz 130052 BLAKE2B 0ff95fc9780193b514fc7b28f6c5c1a58942cd54472a495a1812a48ef4039390241c20c8a3e8dfd6168e87df3a9e3b37e9c33f11d13bdf5fb0d1f37041fe4ee8 SHA512 e7ea6712c27fd2610e8681b7f687e24c94cd7558d6f19f87568d4c2169115678a61c58b1cd3686a927173b566ff1e10cb1fb767fe63db61f860a77bac9792f9b
 DIST ngx_http_upstream_check-9aecf15ec379fe98f62355c57b60c0bc83296f04.tar.gz 130073 BLAKE2B 3c93cef79425a46e22ae39adf13d5ebb0e5d36f5d6be8555ec068dd0017918f5355d82fbbe90ba934e58c52e89c2096e24012f75390c7159d1ebacfaaa112308 SHA512 fad2a0d3ac332b6e67c52e3525f6df8a432df3e92bc173190b8107fba7f24476ab9dae4824630299af68c15e856409bd47a3a79fb5b65e03a5133eb90142b8fc
-DIST ngx_http_vhost_traffic_status-0.1.17.tar.gz 380239 BLAKE2B ca642825d02a11d289ca45dfc6231e8ddb13d72bce0343beb2e7fea8f255ac30bdc7751ae1c521f42c5de0245ecd0cff31fea050f7c5b4610620e43c6f4250f2 SHA512 cb9abe922b0494c2587e404b0d603a0441a9a328ef5a83b11e0323e8038010e7d69dfa0d9e5c7122d7bd9b6799a684d4d934e5473442f9f41344c8d38d0d6550
 DIST ngx_http_vhost_traffic_status-0.1.18.tar.gz 380327 BLAKE2B 700f48ec3ae7b38d4498b1ca6f7e08069befb4b76a20cc0619d16e613c1efb387eace906901fcb098159bc20acfc8723d98aec690e11deaff949f5612dd414f9 SHA512 86b980095b3b80c8dce2e355db514cb4b3039c8408a2f5ca6df9e105d5462952fddd70f6581ec6aa2763e560b591664c27eefd978c4ea777b1f1f808bc60d4ec
-DIST ngx_memc_module-0.18.tar.gz 37113 BLAKE2B e5b89c7c7a3e6f8ee7c1b2623fbec78851a9d7c1c37c1924e8c010b45a4e034afe504a5e228361ad88cf57e83ce06f5f6d635301f8201f1ebd7e99f30447d524 SHA512 8087bd361fb4e522493e66f93d59c9b13245d6eef0fe4a53f619d1826feb02af60769c0a04f87f2faf5308a44b794ef146a445bdbe7cbc7f21c0edaaba08c706
 DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1d9b11885fbce46fbe9fa4df3dce365320b5963c56aecde3b0039d4f9954943d95f25c5f4fada6256861257f82ebbb12 SHA512 a64ec8dffcd011db2cd12b501271bf5c408f2f31fd2bf477b8db4e88adc5bb5732c4c2181ed8378cab6a937869d8f747ef52b22fe256c90df8440b91890edbe7
 DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
 DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
-DIST ngx_rtmp-1.2.0.tar.gz 519895 BLAKE2B a5a888473dd2ba2320ff74017e8445d96fa3e361acc559edb270ad075c937ab5630e537a67ad8ed134a7ec5809ae63e38791ac25ceab3e26160469be8cc2e82c SHA512 8965d9bee91a46375516ccd012d1c43cd23f15c0630d11ed01472b9a84504574b476f22c5584f43c972a8f923e9ae025b9b60c64aace0ed159c7279bcbd376c8
 DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
 DIST njs-0.2.2.tar.gz 253349 BLAKE2B 1ca508677a251ff38f5bca01292f2c7d2c41ac1c5d2cffae8b565694cbed9ebb2811b7e8893ea03384810e169ebb0cccfbf51d36166fcbc32e77fb30ba90d664 SHA512 e309b06b66e955873b82ef6c8881c3a98e0cf22e379b292c7561947db34c28990ade5461f42561e73c79c8e1e7914a990a003926054f884551edc16015ac4792

diff --git a/www-servers/nginx/nginx-1.12.2-r1.ebuild b/www-servers/nginx/nginx-1.12.2-r1.ebuild
deleted file mode 100644
index 40d650b17fe..00000000000
--- a/www-servers/nginx/nginx-1.12.2-r1.ebuild
+++ /dev/null
@@ -1,1005 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.32"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.2"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.10"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="31b1b42873fa56620d8a873ac13f5f26b52d0cd6"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.3"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.0"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.18"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
-	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
-	upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:mainline"
-DEPEND="${CDEPEND}
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_upstream_check; then
-		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.15.0-r2.ebuild b/www-servers/nginx/nginx-1.15.0-r2.ebuild
deleted file mode 100644
index 5c4536292af..00000000000
--- a/www-servers/nginx/nginx-1.15.0-r2.ebuild
+++ /dev/null
@@ -1,1079 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="0.1.2"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.2"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.13"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.1.17"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.3"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="2.0"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.2"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
-	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
-	proxy referer rewrite scgi ssi split_clients upstream_hash
-	upstream_ip_hash upstream_keepalive upstream_least_conn
-	upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_auth_ldap
-	http_auth_pam
-	http_brotli
-	http_cache_purge
-	http_dav_ext
-	http_echo
-	http_fancyindex
-	http_geoip2
-	http_headers_more
-	http_javascript
-	http_lua
-	http_memc
-	http_metrics
-	http_mogilefs
-	http_naxsi
-	http_push_stream
-	http_security
-	http_slowfs_cache
-	http_sticky
-	http_upload_progress
-	http_upstream_check
-	http_vhost_traffic_status
-	stream_geoip2
-	stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_brotli? ( app-arch/brotli:= )
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	nginx_modules_http_brotli? ( virtual/pkgconfig )
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_grpc? ( http2 )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_brotli; then
-		cd "${HTTP_BROTLI_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_brotli-detect-brotli-r1.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_vhost_traffic_status; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
-		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
-		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
-	fi
-
-	if use nginx_modules_http_brotli; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
-		stream_enabled=1
-	fi
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	if [[ -n "${EXTRA_ECONF}" ]]; then
-		myconf+=( ${EXTRA_ECONF} )
-		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     0faf2544464e203ea2fd80a14c45cff6f7d8cea5
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Jul 20 19:41:45 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Jul 20 19:44:06 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0faf2544

www-servers/nginx: rev bump to fix missing deps for geoip modules

Closes: https://bugs.gentoo.org/661498
Package-Manager: Portage-2.3.43, Repoman-2.3.10
RepoMan-Options: --force

 www-servers/nginx/{nginx-1.14.0-r2.ebuild => nginx-1.14.0-r3.ebuild} | 4 +++-
 www-servers/nginx/{nginx-1.15.1.ebuild => nginx-1.15.1-r1.ebuild}    | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/www-servers/nginx/nginx-1.14.0-r2.ebuild b/www-servers/nginx/nginx-1.14.0-r3.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.14.0-r2.ebuild
rename to www-servers/nginx/nginx-1.14.0-r3.ebuild
index a4c3f22ec71..9332cae2dbb 100644
--- a/www-servers/nginx/nginx-1.14.0-r2.ebuild
+++ b/www-servers/nginx/nginx-1.14.0-r3.ebuild
@@ -321,7 +321,9 @@ CDEPEND="
 		net-misc/curl
 		www-servers/apache
 	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+	nginx_modules_stream_geoip? ( dev-libs/geoip )
+	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
 RDEPEND="${CDEPEND}
 	selinux? ( sec-policy/selinux-nginx )
 	!www-servers/nginx:mainline"

diff --git a/www-servers/nginx/nginx-1.15.1.ebuild b/www-servers/nginx/nginx-1.15.1-r1.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.15.1.ebuild
rename to www-servers/nginx/nginx-1.15.1-r1.ebuild
index 4d922841b29..addae4eea24 100644
--- a/www-servers/nginx/nginx-1.15.1.ebuild
+++ b/www-servers/nginx/nginx-1.15.1-r1.ebuild
@@ -321,7 +321,9 @@ CDEPEND="
 		net-misc/curl
 		www-servers/apache
 	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+	nginx_modules_stream_geoip? ( dev-libs/geoip )
+	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
 RDEPEND="${CDEPEND}
 	selinux? ( sec-policy/selinux-nginx )
 	!www-servers/nginx:0"

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     4f58900abb31400d6ab0c97461dd01fa8d0389bd
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Jul 24 18:15:37 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Jul 24 18:15:56 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4f58900a

www-servers/nginx: bump to v1.15.2 mainline

- HTTP VHost Traffic Status module bumped to commit 46d85558e344

Package-Manager: Portage-2.3.43, Repoman-2.3.10

 www-servers/nginx/Manifest            |    2 +
 www-servers/nginx/nginx-1.15.2.ebuild | 1081 +++++++++++++++++++++++++++++++++
 2 files changed, 1083 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 83bf18b4d20..31358801c55 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,7 @@
 DIST modsecurity-2.9.2.tar.gz 4298993 BLAKE2B 32a92148f0e1a1166cf888b8172fc55340c5712c9b770583703c74db450e77226629640c9db03f32e9f28397e6488669d06a89e4d31cb5ab5fff26b30ad843e0 SHA512 69c87ef6f7b6411f4803eb25af32969a1da59722121257c2edf345a3f5a4ab9ae8a49c886cbbfc722c5bda91c6d6ea55232f968c0a0407d7d7b3af53dc862c21
 DIST nginx-1.14.0.tar.gz 1016272 BLAKE2B 37d292955dc5f03f6b3b05fd434807ba1033fab73494866e8bacb99df1d595a7665b3722e9bb7227a119cabfea79be08a14e589565cedb78693fc3990cee4466 SHA512 40f086c9f741727e6f55802b6c3a66f081f7c49c38646dc1491aa3e3c35bae12b65ea6594386609fc849bcd99a60d7cd8ecb3f8d519e0e9ab8db01d653e930e9
 DIST nginx-1.15.1.tar.gz 1024086 BLAKE2B 411f566f53fcae62a8b539ac3809d75dc7eaae763c757818931a666e9ed9d2f2b266a7691f58d2ab62bb97d930dfc40f2dc96d199d9a066329ccbcd82d4d2200 SHA512 bdb15791cd599d72a93d85772f8d35d83a76bab10fdfd76929173f81ed1dbad125addc305a6308c0f3d71efb836bc715acf48940047ec17fd48cf37e05b56d17
+DIST nginx-1.15.2.tar.gz 1025746 BLAKE2B 96b1b1d660571e35b7f97c71da241fa88b44d3928868019b4fffdfa68cd40bb8bd31bba9429cc9e4ca2c2f8d7abf03129577003f4cca50e6d0325644eb47aad4 SHA512 ef8171138246b851f3713ea027d6b96de414b15e24de244fa4fcb428da3a68f4df0c54152e5c0993e36c9c97d4dabcd55a019d6709840b4393c86995604668ff
 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
 DIST ngx_brotli-0.1.2.tar.gz 12668 BLAKE2B 904d3f28dcf9f2d5a8eefa2ab8ff991e34624897a9932e351ec4cea05f2b0dbee34ea495de2d546510a556fb10041b388be963f28fecfcd7dc8638f950b36fd0 SHA512 661b4ce5cc678600e5df6be7588b0f0d5d914df9a6788c994cebfa25e211720b9e7d2c08fc34eb6a84743ae2929920ebf2888075e122ac23816ab7c0f3ef4b76
@@ -19,6 +20,7 @@ DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 BLAKE2B 54ec1bd0d1cc43cdaafc93ebd46
 DIST ngx_http_upload_progress-0.9.2-r1.tar.gz 17268 BLAKE2B 7bbbf52e326c64a008339d2f80f123630fd314f705224c8f1c7d0c90bb4d31a24aaa95df55c9022838179114a031731a894992960aecc727635e0e2a0761d2c4 SHA512 c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c
 DIST ngx_http_upstream_check-9aecf15ec379fe98f62355c57b60c0bc83296f04.tar.gz 130073 BLAKE2B 3c93cef79425a46e22ae39adf13d5ebb0e5d36f5d6be8555ec068dd0017918f5355d82fbbe90ba934e58c52e89c2096e24012f75390c7159d1ebacfaaa112308 SHA512 fad2a0d3ac332b6e67c52e3525f6df8a432df3e92bc173190b8107fba7f24476ab9dae4824630299af68c15e856409bd47a3a79fb5b65e03a5133eb90142b8fc
 DIST ngx_http_vhost_traffic_status-0.1.18.tar.gz 380327 BLAKE2B 700f48ec3ae7b38d4498b1ca6f7e08069befb4b76a20cc0619d16e613c1efb387eace906901fcb098159bc20acfc8723d98aec690e11deaff949f5612dd414f9 SHA512 86b980095b3b80c8dce2e355db514cb4b3039c8408a2f5ca6df9e105d5462952fddd70f6581ec6aa2763e560b591664c27eefd978c4ea777b1f1f808bc60d4ec
+DIST ngx_http_vhost_traffic_status-46d85558e344dfe2b078ce757fd36c69a1ec2dd3.tar.gz 380721 BLAKE2B 8a63d9663aa896869345b97e4bb2a9ac93585d6d7ee16891c98f6445b90002ab90989d195399bf90c5a8ad32c4c908794b7cc33fa45183f9069c51906abb1606 SHA512 46451b3c9b7a3c57145fc8e1de9d8ee984286acff2fc3f4e6c4a39589eb42dd686844410312701d167eb369ab5943184b4fde1ef319359e272dad6fcdb8cad25
 DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1d9b11885fbce46fbe9fa4df3dce365320b5963c56aecde3b0039d4f9954943d95f25c5f4fada6256861257f82ebbb12 SHA512 a64ec8dffcd011db2cd12b501271bf5c408f2f31fd2bf477b8db4e88adc5bb5732c4c2181ed8378cab6a937869d8f747ef52b22fe256c90df8440b91890edbe7
 DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
 DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1

diff --git a/www-servers/nginx/nginx-1.15.2.ebuild b/www-servers/nginx/nginx-1.15.2.ebuild
new file mode 100644
index 00000000000..166f5cc1086
--- /dev/null
+++ b/www-servers/nginx/nginx-1.15.2.ebuild
@@ -0,0 +1,1081 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="0.1.2"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.13"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="2.0"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.2.2"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+	proxy referer rewrite scgi ssi split_clients upstream_hash
+	upstream_ip_hash upstream_keepalive upstream_least_conn
+	upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_auth_ldap
+	http_auth_pam
+	http_brotli
+	http_cache_purge
+	http_dav_ext
+	http_echo
+	http_fancyindex
+	http_geoip2
+	http_headers_more
+	http_javascript
+	http_lua
+	http_memc
+	http_metrics
+	http_mogilefs
+	http_naxsi
+	http_push_stream
+	http_security
+	http_slowfs_cache
+	http_sticky
+	http_upload_progress
+	http_upstream_check
+	http_vhost_traffic_status
+	stream_geoip2
+	stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_brotli? ( app-arch/brotli:= )
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+	nginx_modules_stream_geoip? ( dev-libs/geoip )
+	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	nginx_modules_http_brotli? ( virtual/pkgconfig )
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_grpc? ( http2 )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_brotli; then
+		cd "${HTTP_BROTLI_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_brotli-detect-brotli-r1.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_vhost_traffic_status; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+	fi
+
+	if use nginx_modules_http_brotli; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+		stream_enabled=1
+	fi
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	if [[ -n "${EXTRA_ECONF}" ]]; then
+		myconf+=( ${EXTRA_ECONF} )
+		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     fe0bae189dcc562ff934b8623812fc0ea4790b7a
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Jul 31 20:42:43 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Jul 31 20:42:43 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fe0bae18

www-servers/nginx: rev bump to bump 3rd party modules

- nginScript module bumped to v0.2.3

Package-Manager: Portage-2.3.44, Repoman-2.3.10

 www-servers/nginx/Manifest               |    1 +
 www-servers/nginx/nginx-1.15.2-r1.ebuild | 1081 ++++++++++++++++++++++++++++++
 2 files changed, 1082 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 31358801c55..58bdee5c0ef 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -26,3 +26,4 @@ DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc
 DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
 DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
 DIST njs-0.2.2.tar.gz 253349 BLAKE2B 1ca508677a251ff38f5bca01292f2c7d2c41ac1c5d2cffae8b565694cbed9ebb2811b7e8893ea03384810e169ebb0cccfbf51d36166fcbc32e77fb30ba90d664 SHA512 e309b06b66e955873b82ef6c8881c3a98e0cf22e379b292c7561947db34c28990ade5461f42561e73c79c8e1e7914a990a003926054f884551edc16015ac4792
+DIST njs-0.2.3.tar.gz 269695 BLAKE2B 10d5f4ad41b382da8e87ac15ea46db0107e532db68bc3103c27ee0122f9e24fbf61ffdf472baa0ce9c69080abeaf71651d5097acc2a57257099c8e82148ed366 SHA512 0032bc0cb021ca2305164e39a71f7814a4a385cc6079057a53daebe1cd42e78dc6a6d35c7652c38805e8ceb30201333aacce819245a638b8a3779e6f74a2b7a6

diff --git a/www-servers/nginx/nginx-1.15.2-r1.ebuild b/www-servers/nginx/nginx-1.15.2-r1.ebuild
new file mode 100644
index 00000000000..32888e842f4
--- /dev/null
+++ b/www-servers/nginx/nginx-1.15.2-r1.ebuild
@@ -0,0 +1,1081 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="0.1.2"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.13"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="2.0"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.2.3"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+	proxy referer rewrite scgi ssi split_clients upstream_hash
+	upstream_ip_hash upstream_keepalive upstream_least_conn
+	upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_auth_ldap
+	http_auth_pam
+	http_brotli
+	http_cache_purge
+	http_dav_ext
+	http_echo
+	http_fancyindex
+	http_geoip2
+	http_headers_more
+	http_javascript
+	http_lua
+	http_memc
+	http_metrics
+	http_mogilefs
+	http_naxsi
+	http_push_stream
+	http_security
+	http_slowfs_cache
+	http_sticky
+	http_upload_progress
+	http_upstream_check
+	http_vhost_traffic_status
+	stream_geoip2
+	stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_brotli? ( app-arch/brotli:= )
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+	nginx_modules_stream_geoip? ( dev-libs/geoip )
+	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	nginx_modules_http_brotli? ( virtual/pkgconfig )
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_grpc? ( http2 )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_brotli; then
+		cd "${HTTP_BROTLI_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_brotli-detect-brotli-r1.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_vhost_traffic_status; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+	fi
+
+	if use nginx_modules_http_brotli; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+		stream_enabled=1
+	fi
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	if [[ -n "${EXTRA_ECONF}" ]]; then
+		myconf+=( ${EXTRA_ECONF} )
+		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     ce61ab77b289b99f6668084046ae37f59b061fda
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 28 16:01:47 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Aug 28 16:02:12 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ce61ab77

www-servers/nginx: bump to v1.15.3 mainline

Package-Manager: Portage-2.3.48, Repoman-2.3.10

 www-servers/nginx/Manifest            |    1 +
 www-servers/nginx/nginx-1.15.3.ebuild | 1081 +++++++++++++++++++++++++++++++++
 2 files changed, 1082 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 58bdee5c0ef..1f11ed84fd6 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,6 +2,7 @@ DIST modsecurity-2.9.2.tar.gz 4298993 BLAKE2B 32a92148f0e1a1166cf888b8172fc55340
 DIST nginx-1.14.0.tar.gz 1016272 BLAKE2B 37d292955dc5f03f6b3b05fd434807ba1033fab73494866e8bacb99df1d595a7665b3722e9bb7227a119cabfea79be08a14e589565cedb78693fc3990cee4466 SHA512 40f086c9f741727e6f55802b6c3a66f081f7c49c38646dc1491aa3e3c35bae12b65ea6594386609fc849bcd99a60d7cd8ecb3f8d519e0e9ab8db01d653e930e9
 DIST nginx-1.15.1.tar.gz 1024086 BLAKE2B 411f566f53fcae62a8b539ac3809d75dc7eaae763c757818931a666e9ed9d2f2b266a7691f58d2ab62bb97d930dfc40f2dc96d199d9a066329ccbcd82d4d2200 SHA512 bdb15791cd599d72a93d85772f8d35d83a76bab10fdfd76929173f81ed1dbad125addc305a6308c0f3d71efb836bc715acf48940047ec17fd48cf37e05b56d17
 DIST nginx-1.15.2.tar.gz 1025746 BLAKE2B 96b1b1d660571e35b7f97c71da241fa88b44d3928868019b4fffdfa68cd40bb8bd31bba9429cc9e4ca2c2f8d7abf03129577003f4cca50e6d0325644eb47aad4 SHA512 ef8171138246b851f3713ea027d6b96de414b15e24de244fa4fcb428da3a68f4df0c54152e5c0993e36c9c97d4dabcd55a019d6709840b4393c86995604668ff
+DIST nginx-1.15.3.tar.gz 1022881 BLAKE2B 5a33a36a2a0dfa9b276c1fe9aeb148d191244973844ee9e411a88792fa8c80d2605efd83da708535f0e39234418b955eb15642a0d4d14e5c7c26e805ed921a2e SHA512 112fafd0841b79a165cee6a94da6d0c6c828b29ef1e3af00f4a12809c5d3bc8fd2a94f6d0cb05f6b487be81a414be42ea64f88e63a4d62fe9bebc9cf946aa94a
 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
 DIST ngx_brotli-0.1.2.tar.gz 12668 BLAKE2B 904d3f28dcf9f2d5a8eefa2ab8ff991e34624897a9932e351ec4cea05f2b0dbee34ea495de2d546510a556fb10041b388be963f28fecfcd7dc8638f950b36fd0 SHA512 661b4ce5cc678600e5df6be7588b0f0d5d914df9a6788c994cebfa25e211720b9e7d2c08fc34eb6a84743ae2929920ebf2888075e122ac23816ab7c0f3ef4b76

diff --git a/www-servers/nginx/nginx-1.15.3.ebuild b/www-servers/nginx/nginx-1.15.3.ebuild
new file mode 100644
index 00000000000..32888e842f4
--- /dev/null
+++ b/www-servers/nginx/nginx-1.15.3.ebuild
@@ -0,0 +1,1081 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="0.1.2"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.13"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="2.0"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.2.3"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+	proxy referer rewrite scgi ssi split_clients upstream_hash
+	upstream_ip_hash upstream_keepalive upstream_least_conn
+	upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_auth_ldap
+	http_auth_pam
+	http_brotli
+	http_cache_purge
+	http_dav_ext
+	http_echo
+	http_fancyindex
+	http_geoip2
+	http_headers_more
+	http_javascript
+	http_lua
+	http_memc
+	http_metrics
+	http_mogilefs
+	http_naxsi
+	http_push_stream
+	http_security
+	http_slowfs_cache
+	http_sticky
+	http_upload_progress
+	http_upstream_check
+	http_vhost_traffic_status
+	stream_geoip2
+	stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_brotli? ( app-arch/brotli:= )
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+	nginx_modules_stream_geoip? ( dev-libs/geoip )
+	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	nginx_modules_http_brotli? ( virtual/pkgconfig )
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_grpc? ( http2 )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_brotli; then
+		cd "${HTTP_BROTLI_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_brotli-detect-brotli-r1.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_vhost_traffic_status; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+	fi
+
+	if use nginx_modules_http_brotli; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+		stream_enabled=1
+	fi
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	if [[ -n "${EXTRA_ECONF}" ]]; then
+		myconf+=( ${EXTRA_ECONF} )
+		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     e90f59378818c65da9ca0136eac931ebdb5c6221
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 25 15:44:21 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Sep 25 15:44:45 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e90f5937

www-servers/nginx: bump to v1.15.4 mainline

- nginScript module bumped to v0.2.4

Package-Manager: Portage-2.3.50, Repoman-2.3.11

 www-servers/nginx/Manifest            |    2 +
 www-servers/nginx/nginx-1.15.4.ebuild | 1081 +++++++++++++++++++++++++++++++++
 2 files changed, 1083 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 1f11ed84fd6..60d883a7f69 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -3,6 +3,7 @@ DIST nginx-1.14.0.tar.gz 1016272 BLAKE2B 37d292955dc5f03f6b3b05fd434807ba1033fab
 DIST nginx-1.15.1.tar.gz 1024086 BLAKE2B 411f566f53fcae62a8b539ac3809d75dc7eaae763c757818931a666e9ed9d2f2b266a7691f58d2ab62bb97d930dfc40f2dc96d199d9a066329ccbcd82d4d2200 SHA512 bdb15791cd599d72a93d85772f8d35d83a76bab10fdfd76929173f81ed1dbad125addc305a6308c0f3d71efb836bc715acf48940047ec17fd48cf37e05b56d17
 DIST nginx-1.15.2.tar.gz 1025746 BLAKE2B 96b1b1d660571e35b7f97c71da241fa88b44d3928868019b4fffdfa68cd40bb8bd31bba9429cc9e4ca2c2f8d7abf03129577003f4cca50e6d0325644eb47aad4 SHA512 ef8171138246b851f3713ea027d6b96de414b15e24de244fa4fcb428da3a68f4df0c54152e5c0993e36c9c97d4dabcd55a019d6709840b4393c86995604668ff
 DIST nginx-1.15.3.tar.gz 1022881 BLAKE2B 5a33a36a2a0dfa9b276c1fe9aeb148d191244973844ee9e411a88792fa8c80d2605efd83da708535f0e39234418b955eb15642a0d4d14e5c7c26e805ed921a2e SHA512 112fafd0841b79a165cee6a94da6d0c6c828b29ef1e3af00f4a12809c5d3bc8fd2a94f6d0cb05f6b487be81a414be42ea64f88e63a4d62fe9bebc9cf946aa94a
+DIST nginx-1.15.4.tar.gz 1024694 BLAKE2B e43f04a39f1c4fb42e1f896475341010e7ce5f50653e96dd5c7f71f403a5f4d1641db719f8557b1368338b67d1929032958736eab48b8e08e5ecef5f5dd7ef24 SHA512 9aa20aa2a23b4fac859858f22d09bb1bee74e1d7450e4a9ea8486014078006d8937f5440684d98fa0bb23feec464ec57129da6a70659fff31d9f2ac370684ac8
 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
 DIST ngx_brotli-0.1.2.tar.gz 12668 BLAKE2B 904d3f28dcf9f2d5a8eefa2ab8ff991e34624897a9932e351ec4cea05f2b0dbee34ea495de2d546510a556fb10041b388be963f28fecfcd7dc8638f950b36fd0 SHA512 661b4ce5cc678600e5df6be7588b0f0d5d914df9a6788c994cebfa25e211720b9e7d2c08fc34eb6a84743ae2929920ebf2888075e122ac23816ab7c0f3ef4b76
@@ -28,3 +29,4 @@ DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4
 DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
 DIST njs-0.2.2.tar.gz 253349 BLAKE2B 1ca508677a251ff38f5bca01292f2c7d2c41ac1c5d2cffae8b565694cbed9ebb2811b7e8893ea03384810e169ebb0cccfbf51d36166fcbc32e77fb30ba90d664 SHA512 e309b06b66e955873b82ef6c8881c3a98e0cf22e379b292c7561947db34c28990ade5461f42561e73c79c8e1e7914a990a003926054f884551edc16015ac4792
 DIST njs-0.2.3.tar.gz 269695 BLAKE2B 10d5f4ad41b382da8e87ac15ea46db0107e532db68bc3103c27ee0122f9e24fbf61ffdf472baa0ce9c69080abeaf71651d5097acc2a57257099c8e82148ed366 SHA512 0032bc0cb021ca2305164e39a71f7814a4a385cc6079057a53daebe1cd42e78dc6a6d35c7652c38805e8ceb30201333aacce819245a638b8a3779e6f74a2b7a6
+DIST njs-0.2.4.tar.gz 275322 BLAKE2B 78fefb19fcad23295526935c86416b03b53d16f33fde98dea60afe634d5a7dbcf617593ead8d360581b845572625c22325b43d4227128481a04ca5bf8f839724 SHA512 3d8be3442fa90f966c51e3950d75b11f5b5f6c03babe841d5af5c95f1546ce972193840fe19beb70461031c4895425a14faf012d5e755917d703017e9dbf886a

diff --git a/www-servers/nginx/nginx-1.15.4.ebuild b/www-servers/nginx/nginx-1.15.4.ebuild
new file mode 100644
index 00000000000..1ea681b2bcf
--- /dev/null
+++ b/www-servers/nginx/nginx-1.15.4.ebuild
@@ -0,0 +1,1081 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="0.1.2"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.13"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="2.0"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.2.4"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+	proxy referer rewrite scgi ssi split_clients upstream_hash
+	upstream_ip_hash upstream_keepalive upstream_least_conn
+	upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_auth_ldap
+	http_auth_pam
+	http_brotli
+	http_cache_purge
+	http_dav_ext
+	http_echo
+	http_fancyindex
+	http_geoip2
+	http_headers_more
+	http_javascript
+	http_lua
+	http_memc
+	http_metrics
+	http_mogilefs
+	http_naxsi
+	http_push_stream
+	http_security
+	http_slowfs_cache
+	http_sticky
+	http_upload_progress
+	http_upstream_check
+	http_vhost_traffic_status
+	stream_geoip2
+	stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_brotli? ( app-arch/brotli:= )
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+	nginx_modules_stream_geoip? ( dev-libs/geoip )
+	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	nginx_modules_http_brotli? ( virtual/pkgconfig )
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_grpc? ( http2 )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_brotli; then
+		cd "${HTTP_BROTLI_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_brotli-detect-brotli-r1.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_vhost_traffic_status; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+	fi
+
+	if use nginx_modules_http_brotli; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+		stream_enabled=1
+	fi
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	if [[ -n "${EXTRA_ECONF}" ]]; then
+		myconf+=( ${EXTRA_ECONF} )
+		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     89adf39fcefbc10946cb26aff4d3df2a870f99e3
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Oct  2 16:03:21 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Oct  2 16:04:19 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=89adf39f

www-servers/nginx: bump to v1.15.5 mainline

Package-Manager: Portage-2.3.50, Repoman-2.3.11
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 www-servers/nginx/Manifest            |    1 +
 www-servers/nginx/nginx-1.15.5.ebuild | 1081 +++++++++++++++++++++++++++++++++
 2 files changed, 1082 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 60d883a7f69..2eab1655c94 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -4,6 +4,7 @@ DIST nginx-1.15.1.tar.gz 1024086 BLAKE2B 411f566f53fcae62a8b539ac3809d75dc7eaae7
 DIST nginx-1.15.2.tar.gz 1025746 BLAKE2B 96b1b1d660571e35b7f97c71da241fa88b44d3928868019b4fffdfa68cd40bb8bd31bba9429cc9e4ca2c2f8d7abf03129577003f4cca50e6d0325644eb47aad4 SHA512 ef8171138246b851f3713ea027d6b96de414b15e24de244fa4fcb428da3a68f4df0c54152e5c0993e36c9c97d4dabcd55a019d6709840b4393c86995604668ff
 DIST nginx-1.15.3.tar.gz 1022881 BLAKE2B 5a33a36a2a0dfa9b276c1fe9aeb148d191244973844ee9e411a88792fa8c80d2605efd83da708535f0e39234418b955eb15642a0d4d14e5c7c26e805ed921a2e SHA512 112fafd0841b79a165cee6a94da6d0c6c828b29ef1e3af00f4a12809c5d3bc8fd2a94f6d0cb05f6b487be81a414be42ea64f88e63a4d62fe9bebc9cf946aa94a
 DIST nginx-1.15.4.tar.gz 1024694 BLAKE2B e43f04a39f1c4fb42e1f896475341010e7ce5f50653e96dd5c7f71f403a5f4d1641db719f8557b1368338b67d1929032958736eab48b8e08e5ecef5f5dd7ef24 SHA512 9aa20aa2a23b4fac859858f22d09bb1bee74e1d7450e4a9ea8486014078006d8937f5440684d98fa0bb23feec464ec57129da6a70659fff31d9f2ac370684ac8
+DIST nginx-1.15.5.tar.gz 1024791 BLAKE2B 713373b908c40c5cf676cec7698807a7de0a3ba81e8215b00896f178f2369bdbd01318c688276cf9fea8b9274be75eab0fbf403ac629ca730198eccf363ec92f SHA512 90b3d8148fca183bd3f6d16fd9212e2eedbe13f151c079d67086fca5a9f58256b99a87b4444ee18b1f9fb2b65fbe2d5353985145e1c075b6236b31d0ce7e9051
 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
 DIST ngx_brotli-0.1.2.tar.gz 12668 BLAKE2B 904d3f28dcf9f2d5a8eefa2ab8ff991e34624897a9932e351ec4cea05f2b0dbee34ea495de2d546510a556fb10041b388be963f28fecfcd7dc8638f950b36fd0 SHA512 661b4ce5cc678600e5df6be7588b0f0d5d914df9a6788c994cebfa25e211720b9e7d2c08fc34eb6a84743ae2929920ebf2888075e122ac23816ab7c0f3ef4b76

diff --git a/www-servers/nginx/nginx-1.15.5.ebuild b/www-servers/nginx/nginx-1.15.5.ebuild
new file mode 100644
index 00000000000..1ea681b2bcf
--- /dev/null
+++ b/www-servers/nginx/nginx-1.15.5.ebuild
@@ -0,0 +1,1081 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="0.1.2"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.13"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="2.0"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.2.4"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+	proxy referer rewrite scgi ssi split_clients upstream_hash
+	upstream_ip_hash upstream_keepalive upstream_least_conn
+	upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_auth_ldap
+	http_auth_pam
+	http_brotli
+	http_cache_purge
+	http_dav_ext
+	http_echo
+	http_fancyindex
+	http_geoip2
+	http_headers_more
+	http_javascript
+	http_lua
+	http_memc
+	http_metrics
+	http_mogilefs
+	http_naxsi
+	http_push_stream
+	http_security
+	http_slowfs_cache
+	http_sticky
+	http_upload_progress
+	http_upstream_check
+	http_vhost_traffic_status
+	stream_geoip2
+	stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_brotli? ( app-arch/brotli:= )
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+	nginx_modules_stream_geoip? ( dev-libs/geoip )
+	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	nginx_modules_http_brotli? ( virtual/pkgconfig )
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_grpc? ( http2 )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_brotli; then
+		cd "${HTTP_BROTLI_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_brotli-detect-brotli-r1.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_vhost_traffic_status; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+	fi
+
+	if use nginx_modules_http_brotli; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+		stream_enabled=1
+	fi
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	if [[ -n "${EXTRA_ECONF}" ]]; then
+		myconf+=( ${EXTRA_ECONF} )
+		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     2e2b74317ae763483d7f2f1f79206f528aaefea5
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Oct  2 16:04:08 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Oct  2 16:04:20 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2e2b7431

www-servers/nginx: drop old

Package-Manager: Portage-2.3.50, Repoman-2.3.11
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 www-servers/nginx/Manifest            |    1 -
 www-servers/nginx/nginx-1.15.4.ebuild | 1081 ---------------------------------
 2 files changed, 1082 deletions(-)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 2eab1655c94..f2a16b9dd49 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -3,7 +3,6 @@ DIST nginx-1.14.0.tar.gz 1016272 BLAKE2B 37d292955dc5f03f6b3b05fd434807ba1033fab
 DIST nginx-1.15.1.tar.gz 1024086 BLAKE2B 411f566f53fcae62a8b539ac3809d75dc7eaae763c757818931a666e9ed9d2f2b266a7691f58d2ab62bb97d930dfc40f2dc96d199d9a066329ccbcd82d4d2200 SHA512 bdb15791cd599d72a93d85772f8d35d83a76bab10fdfd76929173f81ed1dbad125addc305a6308c0f3d71efb836bc715acf48940047ec17fd48cf37e05b56d17
 DIST nginx-1.15.2.tar.gz 1025746 BLAKE2B 96b1b1d660571e35b7f97c71da241fa88b44d3928868019b4fffdfa68cd40bb8bd31bba9429cc9e4ca2c2f8d7abf03129577003f4cca50e6d0325644eb47aad4 SHA512 ef8171138246b851f3713ea027d6b96de414b15e24de244fa4fcb428da3a68f4df0c54152e5c0993e36c9c97d4dabcd55a019d6709840b4393c86995604668ff
 DIST nginx-1.15.3.tar.gz 1022881 BLAKE2B 5a33a36a2a0dfa9b276c1fe9aeb148d191244973844ee9e411a88792fa8c80d2605efd83da708535f0e39234418b955eb15642a0d4d14e5c7c26e805ed921a2e SHA512 112fafd0841b79a165cee6a94da6d0c6c828b29ef1e3af00f4a12809c5d3bc8fd2a94f6d0cb05f6b487be81a414be42ea64f88e63a4d62fe9bebc9cf946aa94a
-DIST nginx-1.15.4.tar.gz 1024694 BLAKE2B e43f04a39f1c4fb42e1f896475341010e7ce5f50653e96dd5c7f71f403a5f4d1641db719f8557b1368338b67d1929032958736eab48b8e08e5ecef5f5dd7ef24 SHA512 9aa20aa2a23b4fac859858f22d09bb1bee74e1d7450e4a9ea8486014078006d8937f5440684d98fa0bb23feec464ec57129da6a70659fff31d9f2ac370684ac8
 DIST nginx-1.15.5.tar.gz 1024791 BLAKE2B 713373b908c40c5cf676cec7698807a7de0a3ba81e8215b00896f178f2369bdbd01318c688276cf9fea8b9274be75eab0fbf403ac629ca730198eccf363ec92f SHA512 90b3d8148fca183bd3f6d16fd9212e2eedbe13f151c079d67086fca5a9f58256b99a87b4444ee18b1f9fb2b65fbe2d5353985145e1c075b6236b31d0ce7e9051
 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529

diff --git a/www-servers/nginx/nginx-1.15.4.ebuild b/www-servers/nginx/nginx-1.15.4.ebuild
deleted file mode 100644
index 1ea681b2bcf..00000000000
--- a/www-servers/nginx/nginx-1.15.4.ebuild
+++ /dev/null
@@ -1,1081 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="0.1.2"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.13"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="2.0"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.4"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
-	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
-	proxy referer rewrite scgi ssi split_clients upstream_hash
-	upstream_ip_hash upstream_keepalive upstream_least_conn
-	upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_auth_ldap
-	http_auth_pam
-	http_brotli
-	http_cache_purge
-	http_dav_ext
-	http_echo
-	http_fancyindex
-	http_geoip2
-	http_headers_more
-	http_javascript
-	http_lua
-	http_memc
-	http_metrics
-	http_mogilefs
-	http_naxsi
-	http_push_stream
-	http_security
-	http_slowfs_cache
-	http_sticky
-	http_upload_progress
-	http_upstream_check
-	http_vhost_traffic_status
-	stream_geoip2
-	stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_brotli? ( app-arch/brotli:= )
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
-	nginx_modules_stream_geoip? ( dev-libs/geoip )
-	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	nginx_modules_http_brotli? ( virtual/pkgconfig )
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_grpc? ( http2 )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_brotli; then
-		cd "${HTTP_BROTLI_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_brotli-detect-brotli-r1.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_vhost_traffic_status; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
-		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
-		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
-	fi
-
-	if use nginx_modules_http_brotli; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
-		stream_enabled=1
-	fi
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	if [[ -n "${EXTRA_ECONF}" ]]; then
-		myconf+=( ${EXTRA_ECONF} )
-		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     931ea67612c9eb3f435cdf42b3401181e40e6bce
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Nov  6 16:03:49 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Nov  6 16:04:06 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=931ea676

www-servers/nginx: bump to v1.14.1 stable

- nginScript module bumped to v0.2.5

- HTTP VHost Traffic Status module bumped to commit 46d85558e344dfe

- brotli module bumped to commit 8104036af9cff

Bug: https://bugs.gentoo.org/670496
Package-Manager: Portage-2.3.51, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 www-servers/nginx/Manifest            |    1 +
 www-servers/nginx/nginx-1.14.1.ebuild | 1081 +++++++++++++++++++++++++++++++++
 2 files changed, 1082 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index c582c0046ec..18698b286ab 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,5 +1,6 @@
 DIST modsecurity-2.9.2.tar.gz 4298993 BLAKE2B 32a92148f0e1a1166cf888b8172fc55340c5712c9b770583703c74db450e77226629640c9db03f32e9f28397e6488669d06a89e4d31cb5ab5fff26b30ad843e0 SHA512 69c87ef6f7b6411f4803eb25af32969a1da59722121257c2edf345a3f5a4ab9ae8a49c886cbbfc722c5bda91c6d6ea55232f968c0a0407d7d7b3af53dc862c21
 DIST nginx-1.14.0.tar.gz 1016272 BLAKE2B 37d292955dc5f03f6b3b05fd434807ba1033fab73494866e8bacb99df1d595a7665b3722e9bb7227a119cabfea79be08a14e589565cedb78693fc3990cee4466 SHA512 40f086c9f741727e6f55802b6c3a66f081f7c49c38646dc1491aa3e3c35bae12b65ea6594386609fc849bcd99a60d7cd8ecb3f8d519e0e9ab8db01d653e930e9
+DIST nginx-1.14.1.tar.gz 1014040 BLAKE2B ce69cc693599be2c36b8b5f9ce4174be72b9fdc01c0cdd237725815cd8dc68fc3d04f93c38eed78b8d144aa88e1e916b54cd95a948b6272fbb7c74e75613c1f8 SHA512 906c9f44462c0a6b3d9d968641038511012de2662d8490bdb863e540988c2fb15f5cf8a8172e65267dab525e5edf2e9945d7da42a0aa2de5ac81de33fadcd9f3
 DIST nginx-1.15.1.tar.gz 1024086 BLAKE2B 411f566f53fcae62a8b539ac3809d75dc7eaae763c757818931a666e9ed9d2f2b266a7691f58d2ab62bb97d930dfc40f2dc96d199d9a066329ccbcd82d4d2200 SHA512 bdb15791cd599d72a93d85772f8d35d83a76bab10fdfd76929173f81ed1dbad125addc305a6308c0f3d71efb836bc715acf48940047ec17fd48cf37e05b56d17
 DIST nginx-1.15.2.tar.gz 1025746 BLAKE2B 96b1b1d660571e35b7f97c71da241fa88b44d3928868019b4fffdfa68cd40bb8bd31bba9429cc9e4ca2c2f8d7abf03129577003f4cca50e6d0325644eb47aad4 SHA512 ef8171138246b851f3713ea027d6b96de414b15e24de244fa4fcb428da3a68f4df0c54152e5c0993e36c9c97d4dabcd55a019d6709840b4393c86995604668ff
 DIST nginx-1.15.3.tar.gz 1022881 BLAKE2B 5a33a36a2a0dfa9b276c1fe9aeb148d191244973844ee9e411a88792fa8c80d2605efd83da708535f0e39234418b955eb15642a0d4d14e5c7c26e805ed921a2e SHA512 112fafd0841b79a165cee6a94da6d0c6c828b29ef1e3af00f4a12809c5d3bc8fd2a94f6d0cb05f6b487be81a414be42ea64f88e63a4d62fe9bebc9cf946aa94a

diff --git a/www-servers/nginx/nginx-1.14.1.ebuild b/www-servers/nginx/nginx-1.14.1.ebuild
new file mode 100644
index 00000000000..f0f5b608214
--- /dev/null
+++ b/www-servers/nginx/nginx-1.14.1.ebuild
@@ -0,0 +1,1081 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.13"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="2.0"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.2.5"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+	proxy referer rewrite scgi ssi split_clients upstream_hash
+	upstream_ip_hash upstream_keepalive upstream_least_conn
+	upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_auth_ldap
+	http_auth_pam
+	http_brotli
+	http_cache_purge
+	http_dav_ext
+	http_echo
+	http_fancyindex
+	http_geoip2
+	http_headers_more
+	http_javascript
+	http_lua
+	http_memc
+	http_metrics
+	http_mogilefs
+	http_naxsi
+	http_push_stream
+	http_security
+	http_slowfs_cache
+	http_sticky
+	http_upload_progress
+	http_upstream_check
+	http_vhost_traffic_status
+	stream_geoip2
+	stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_brotli? ( app-arch/brotli:= )
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+	nginx_modules_stream_geoip? ( dev-libs/geoip )
+	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+	nginx_modules_http_brotli? ( virtual/pkgconfig )
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_grpc? ( http2 )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_brotli; then
+		cd "${HTTP_BROTLI_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_vhost_traffic_status; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+	fi
+
+	if use nginx_modules_http_brotli; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+		stream_enabled=1
+	fi
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	if [[ -n "${EXTRA_ECONF}" ]]; then
+		myconf+=( ${EXTRA_ECONF} )
+		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Mikle Kolyada]

commit:     d5acf55b3d4820c7c5cfd1a5a5d85f98bdae9d54
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Tue Nov  6 21:33:39 2018 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Tue Nov  6 21:33:39 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d5acf55b

www-servers/nginx: amd64 stable wrt bug #670496

Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11

 www-servers/nginx/nginx-1.14.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www-servers/nginx/nginx-1.14.1.ebuild b/www-servers/nginx/nginx-1.14.1.ebuild
index f0f5b608214..887c4c34c9c 100644
--- a/www-servers/nginx/nginx-1.14.1.ebuild
+++ b/www-servers/nginx/nginx-1.14.1.ebuild
@@ -202,7 +202,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
 	nginx_modules_http_push_stream? ( GPL-3 )"
 
 SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
 
 # Package doesn't provide a real test suite
 RESTRICT="test"

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     2420dc618ff0fe1a1425be3cdbf4a70eb1c91a4c
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Nov  7 23:38:10 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Nov  7 23:38:10 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2420dc61

www-servers/nginx: x86 stable (bug #670496)

Package-Manager: Portage-2.3.51, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 www-servers/nginx/nginx-1.14.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www-servers/nginx/nginx-1.14.1.ebuild b/www-servers/nginx/nginx-1.14.1.ebuild
index 887c4c34c9c..ba2b07dc015 100644
--- a/www-servers/nginx/nginx-1.14.1.ebuild
+++ b/www-servers/nginx/nginx-1.14.1.ebuild
@@ -202,7 +202,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
 	nginx_modules_http_push_stream? ( GPL-3 )"
 
 SLOT="0"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd ~amd64-linux ~x86-linux"
 
 # Package doesn't provide a real test suite
 RESTRICT="test"

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     4987c82a4edaf3d053f0f4b9e835616f4b82f5b9
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 27 15:27:50 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Nov 27 15:27:50 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4987c82a

www-servers/nginx: bump to v1.15.7 mainline

- nginScript module bumped to v0.2.6

Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 www-servers/nginx/Manifest            |    2 +
 www-servers/nginx/nginx-1.15.7.ebuild | 1081 +++++++++++++++++++++++++++++++++
 2 files changed, 1083 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 28370aeb02d..c251134f4e5 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,7 @@
 DIST modsecurity-2.9.2.tar.gz 4298993 BLAKE2B 32a92148f0e1a1166cf888b8172fc55340c5712c9b770583703c74db450e77226629640c9db03f32e9f28397e6488669d06a89e4d31cb5ab5fff26b30ad843e0 SHA512 69c87ef6f7b6411f4803eb25af32969a1da59722121257c2edf345a3f5a4ab9ae8a49c886cbbfc722c5bda91c6d6ea55232f968c0a0407d7d7b3af53dc862c21
 DIST nginx-1.14.1.tar.gz 1014040 BLAKE2B ce69cc693599be2c36b8b5f9ce4174be72b9fdc01c0cdd237725815cd8dc68fc3d04f93c38eed78b8d144aa88e1e916b54cd95a948b6272fbb7c74e75613c1f8 SHA512 906c9f44462c0a6b3d9d968641038511012de2662d8490bdb863e540988c2fb15f5cf8a8172e65267dab525e5edf2e9945d7da42a0aa2de5ac81de33fadcd9f3
 DIST nginx-1.15.6.tar.gz 1025761 BLAKE2B 0d8a76a04f830e85d6022faaea6a27f6d80382bfbfa067f29c6d62e34f4d6a35c315a71727a1c12dd3cd804a4e84eccde8a1cbd42be95c06143817ebdde00951 SHA512 89c1b7df7ed0722a930a977edfb94a8278e51ebd7d5a0d0959ac09515374f976283e945c283b704447f7b57fd302bdbbea0d0d11c48aa282f2d53230eb3e63be
+DIST nginx-1.15.7.tar.gz 1026732 BLAKE2B daa4ee39b63e67bcf84e673a3f69ae9c522534584ae5e9e93052f3468fe7a0167e20d855c3b09f6f0b9397b175468d8706bd9e764453c735209f503457b8a747 SHA512 93c5ae89bfabd4c984835517ec6ae739b660c7c28da253378ab602d518dffbd22ce73202fdba0e48fd4d231f7e44d040ff2808b80ada3a6a71936482d20cca18
 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
 DIST ngx_brotli-8104036af9cff4b1d34f22d00ba857e2a93a243c.tar.gz 12672 BLAKE2B fa2febfa63b98303f8890c6774de6ccb09475ccd639d3b74493a4ffd97c90febdc22755c5928018bdac24a537bd13cde165f97e5d2b50bebf598c3fb22ec0206 SHA512 169566b8764bb2b82e029f954a99063a9c61e2cbf982861c5f6818b389a5f37bf5389afb1b5627de9bd3f7af7b3c404be0230f943d47ab621c2a2bd825cc8203
@@ -24,3 +25,4 @@ DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc
 DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
 DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
 DIST njs-0.2.5.tar.gz 281821 BLAKE2B 58eaa778b3c6977344e9ca5076b06336d51640d032ca08d36b07ec3fe5eb95d5501bd2f90e2f4f73670fc5b733d4baf3655207c319029fa5529ab989c9f0b577 SHA512 d434ba6bafbe591cbf8a7c1c003d98e2e675e634c5756d7d110d1347d4c9b984ccd4acceeab9021260ef14f795c2e2384b97609bd4abce534106a6b7dfb85092
+DIST njs-0.2.6.tar.gz 284635 BLAKE2B 1735e5db87c031a841173507660aacaa6f3b4731e82d6ca47b0d9bd727c4bfdcc175741a67c70d83c231601236d419d16df1702e50a784a7aa574d926ed45be5 SHA512 a6991678a85641d4d733de2e64eaa32a2320bf60d0e4b9e9a991f70af061698d10a23f00b8d45d7ae6eb4c46d75a4f9fb4f1ed20291a2cda764b29b74d8c0455

diff --git a/www-servers/nginx/nginx-1.15.7.ebuild b/www-servers/nginx/nginx-1.15.7.ebuild
new file mode 100644
index 00000000000..e873f4b5416
--- /dev/null
+++ b/www-servers/nginx/nginx-1.15.7.ebuild
@@ -0,0 +1,1081 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.13"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="2.0"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.2.6"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+	proxy referer rewrite scgi ssi split_clients upstream_hash
+	upstream_ip_hash upstream_keepalive upstream_least_conn
+	upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_auth_ldap
+	http_auth_pam
+	http_brotli
+	http_cache_purge
+	http_dav_ext
+	http_echo
+	http_fancyindex
+	http_geoip2
+	http_headers_more
+	http_javascript
+	http_lua
+	http_memc
+	http_metrics
+	http_mogilefs
+	http_naxsi
+	http_push_stream
+	http_security
+	http_slowfs_cache
+	http_sticky
+	http_upload_progress
+	http_upstream_check
+	http_vhost_traffic_status
+	stream_geoip2
+	stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_brotli? ( app-arch/brotli:= )
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+	nginx_modules_stream_geoip? ( dev-libs/geoip )
+	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	nginx_modules_http_brotli? ( virtual/pkgconfig )
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_grpc? ( http2 )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_brotli; then
+		cd "${HTTP_BROTLI_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_vhost_traffic_status; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+	fi
+
+	if use nginx_modules_http_brotli; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+		stream_enabled=1
+	fi
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	if [[ -n "${EXTRA_ECONF}" ]]; then
+		myconf+=( ${EXTRA_ECONF} )
+		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     800ba5f5b14da892ecb6e34c231e584c1c48fb1e
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Dec  7 16:11:02 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Dec  7 16:11:27 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=800ba5f5

www-servers/nginx: bump to v1.14.2 stable

- nginScript module bumped to v0.2.6

Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 www-servers/nginx/Manifest            |    1 +
 www-servers/nginx/nginx-1.14.2.ebuild | 1081 +++++++++++++++++++++++++++++++++
 2 files changed, 1082 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index c251134f4e5..74c20892a90 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,5 +1,6 @@
 DIST modsecurity-2.9.2.tar.gz 4298993 BLAKE2B 32a92148f0e1a1166cf888b8172fc55340c5712c9b770583703c74db450e77226629640c9db03f32e9f28397e6488669d06a89e4d31cb5ab5fff26b30ad843e0 SHA512 69c87ef6f7b6411f4803eb25af32969a1da59722121257c2edf345a3f5a4ab9ae8a49c886cbbfc722c5bda91c6d6ea55232f968c0a0407d7d7b3af53dc862c21
 DIST nginx-1.14.1.tar.gz 1014040 BLAKE2B ce69cc693599be2c36b8b5f9ce4174be72b9fdc01c0cdd237725815cd8dc68fc3d04f93c38eed78b8d144aa88e1e916b54cd95a948b6272fbb7c74e75613c1f8 SHA512 906c9f44462c0a6b3d9d968641038511012de2662d8490bdb863e540988c2fb15f5cf8a8172e65267dab525e5edf2e9945d7da42a0aa2de5ac81de33fadcd9f3
+DIST nginx-1.14.2.tar.gz 1015384 BLAKE2B 0d41b078215ca3996f434cf3d43c99a52dd43f8b1b798a4566d3f9509fa35c74c139a3e0dca8b0350ee3eb1064dacc8e76bb2fc3ffc78873eec8fff80e53214d SHA512 d8362dbd86435657d6b13156bd6ad1b251d2ab10bc11cdda959b142dd6120b087e4b314f0025d9bbcc88529cb4b9407fb4df1cfae5d081b7ea1db51ccfc2dbe7
 DIST nginx-1.15.6.tar.gz 1025761 BLAKE2B 0d8a76a04f830e85d6022faaea6a27f6d80382bfbfa067f29c6d62e34f4d6a35c315a71727a1c12dd3cd804a4e84eccde8a1cbd42be95c06143817ebdde00951 SHA512 89c1b7df7ed0722a930a977edfb94a8278e51ebd7d5a0d0959ac09515374f976283e945c283b704447f7b57fd302bdbbea0d0d11c48aa282f2d53230eb3e63be
 DIST nginx-1.15.7.tar.gz 1026732 BLAKE2B daa4ee39b63e67bcf84e673a3f69ae9c522534584ae5e9e93052f3468fe7a0167e20d855c3b09f6f0b9397b175468d8706bd9e764453c735209f503457b8a747 SHA512 93c5ae89bfabd4c984835517ec6ae739b660c7c28da253378ab602d518dffbd22ce73202fdba0e48fd4d231f7e44d040ff2808b80ada3a6a71936482d20cca18
 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269

diff --git a/www-servers/nginx/nginx-1.14.2.ebuild b/www-servers/nginx/nginx-1.14.2.ebuild
new file mode 100644
index 00000000000..66b09925f1e
--- /dev/null
+++ b/www-servers/nginx/nginx-1.14.2.ebuild
@@ -0,0 +1,1081 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.13"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="2.0"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.2.6"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+	proxy referer rewrite scgi ssi split_clients upstream_hash
+	upstream_ip_hash upstream_keepalive upstream_least_conn
+	upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_auth_ldap
+	http_auth_pam
+	http_brotli
+	http_cache_purge
+	http_dav_ext
+	http_echo
+	http_fancyindex
+	http_geoip2
+	http_headers_more
+	http_javascript
+	http_lua
+	http_memc
+	http_metrics
+	http_mogilefs
+	http_naxsi
+	http_push_stream
+	http_security
+	http_slowfs_cache
+	http_sticky
+	http_upload_progress
+	http_upstream_check
+	http_vhost_traffic_status
+	stream_geoip2
+	stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_brotli? ( app-arch/brotli:= )
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+	nginx_modules_stream_geoip? ( dev-libs/geoip )
+	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+	nginx_modules_http_brotli? ( virtual/pkgconfig )
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_grpc? ( http2 )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_brotli; then
+		cd "${HTTP_BROTLI_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_vhost_traffic_status; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+	fi
+
+	if use nginx_modules_http_brotli; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+		stream_enabled=1
+	fi
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	if [[ -n "${EXTRA_ECONF}" ]]; then
+		myconf+=( ${EXTRA_ECONF} )
+		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     31f18ecda24ad306440f306f55702fe216fd7a81
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 25 15:13:03 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Dec 25 15:13:03 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=31f18ecd

www-servers/nginx: bump to v1.15.8 mainline

Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 www-servers/nginx/Manifest            |    1 +
 www-servers/nginx/nginx-1.15.8.ebuild | 1087 +++++++++++++++++++++++++++++++++
 2 files changed, 1088 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 74c20892a90..d49d6e4ecd3 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -3,6 +3,7 @@ DIST nginx-1.14.1.tar.gz 1014040 BLAKE2B ce69cc693599be2c36b8b5f9ce4174be72b9fdc
 DIST nginx-1.14.2.tar.gz 1015384 BLAKE2B 0d41b078215ca3996f434cf3d43c99a52dd43f8b1b798a4566d3f9509fa35c74c139a3e0dca8b0350ee3eb1064dacc8e76bb2fc3ffc78873eec8fff80e53214d SHA512 d8362dbd86435657d6b13156bd6ad1b251d2ab10bc11cdda959b142dd6120b087e4b314f0025d9bbcc88529cb4b9407fb4df1cfae5d081b7ea1db51ccfc2dbe7
 DIST nginx-1.15.6.tar.gz 1025761 BLAKE2B 0d8a76a04f830e85d6022faaea6a27f6d80382bfbfa067f29c6d62e34f4d6a35c315a71727a1c12dd3cd804a4e84eccde8a1cbd42be95c06143817ebdde00951 SHA512 89c1b7df7ed0722a930a977edfb94a8278e51ebd7d5a0d0959ac09515374f976283e945c283b704447f7b57fd302bdbbea0d0d11c48aa282f2d53230eb3e63be
 DIST nginx-1.15.7.tar.gz 1026732 BLAKE2B daa4ee39b63e67bcf84e673a3f69ae9c522534584ae5e9e93052f3468fe7a0167e20d855c3b09f6f0b9397b175468d8706bd9e764453c735209f503457b8a747 SHA512 93c5ae89bfabd4c984835517ec6ae739b660c7c28da253378ab602d518dffbd22ce73202fdba0e48fd4d231f7e44d040ff2808b80ada3a6a71936482d20cca18
+DIST nginx-1.15.8.tar.gz 1027862 BLAKE2B 6330a4fe4ccd4f1def7e086ac1028515323d011dab5609af6a12b548795da14a1fa6b6ab180eef1b1f4085fa5d52f60bda984dd1145e0d9152db14d0335b5304 SHA512 4509f0a0adf189bbdfa068adb120d0c26e594283b84c75f7df256b46e505aab5adda50b845abbbe07ab36f54c5ebefac4660fa315546856fb5114067e70394d3
 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
 DIST ngx_brotli-8104036af9cff4b1d34f22d00ba857e2a93a243c.tar.gz 12672 BLAKE2B fa2febfa63b98303f8890c6774de6ccb09475ccd639d3b74493a4ffd97c90febdc22755c5928018bdac24a537bd13cde165f97e5d2b50bebf598c3fb22ec0206 SHA512 169566b8764bb2b82e029f954a99063a9c61e2cbf982861c5f6818b389a5f37bf5389afb1b5627de9bd3f7af7b3c404be0230f943d47ab621c2a2bd825cc8203

diff --git a/www-servers/nginx/nginx-1.15.8.ebuild b/www-servers/nginx/nginx-1.15.8.ebuild
new file mode 100644
index 00000000000..6fbcd2eaad4
--- /dev/null
+++ b/www-servers/nginx/nginx-1.15.8.ebuild
@@ -0,0 +1,1087 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.13"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="2.0"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.2.6"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+	proxy referer rewrite scgi ssi split_clients upstream_hash
+	upstream_ip_hash upstream_keepalive upstream_least_conn
+	upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_auth_ldap
+	http_auth_pam
+	http_brotli
+	http_cache_purge
+	http_dav_ext
+	http_echo
+	http_fancyindex
+	http_geoip2
+	http_headers_more
+	http_javascript
+	http_lua
+	http_memc
+	http_metrics
+	http_mogilefs
+	http_naxsi
+	http_push_stream
+	http_security
+	http_slowfs_cache
+	http_sticky
+	http_upload_progress
+	http_upstream_check
+	http_vhost_traffic_status
+	stream_geoip2
+	stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_brotli? ( app-arch/brotli:= )
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+	nginx_modules_stream_geoip? ( dev-libs/geoip )
+	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	nginx_modules_http_brotli? ( virtual/pkgconfig )
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_grpc? ( http2 )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_auth_pam; then
+		cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_brotli; then
+		cd "${HTTP_BROTLI_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_vhost_traffic_status; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+	fi
+
+	if use nginx_modules_http_brotli; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+		stream_enabled=1
+	fi
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	if [[ -n "${EXTRA_ECONF}" ]]; then
+		myconf+=( ${EXTRA_ECONF} )
+		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     76a26541f9b6f7237a9cd9ef18d9f0fca1f6723e
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 25 16:03:37 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Dec 25 16:06:59 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=76a26541

www-servers/nginx: rev bump to bump 3rd party modules

- nginScript module bumped to v0.2.7

- HTTP WebDAV module bumped to v3.0.0

- HTTP ModSecurity module bumped to v2.9.3

Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 www-servers/nginx/Manifest                                 |  3 +++
 .../nginx/{nginx-1.15.8.ebuild => nginx-1.14.2-r2.ebuild}  | 14 +++++++-------
 .../nginx/{nginx-1.15.8.ebuild => nginx-1.15.8-r1.ebuild}  | 10 +++++-----
 3 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index d49d6e4ecd3..fe38043850b 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,4 +1,5 @@
 DIST modsecurity-2.9.2.tar.gz 4298993 BLAKE2B 32a92148f0e1a1166cf888b8172fc55340c5712c9b770583703c74db450e77226629640c9db03f32e9f28397e6488669d06a89e4d31cb5ab5fff26b30ad843e0 SHA512 69c87ef6f7b6411f4803eb25af32969a1da59722121257c2edf345a3f5a4ab9ae8a49c886cbbfc722c5bda91c6d6ea55232f968c0a0407d7d7b3af53dc862c21
+DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
 DIST nginx-1.14.1.tar.gz 1014040 BLAKE2B ce69cc693599be2c36b8b5f9ce4174be72b9fdc01c0cdd237725815cd8dc68fc3d04f93c38eed78b8d144aa88e1e916b54cd95a948b6272fbb7c74e75613c1f8 SHA512 906c9f44462c0a6b3d9d968641038511012de2662d8490bdb863e540988c2fb15f5cf8a8172e65267dab525e5edf2e9945d7da42a0aa2de5ac81de33fadcd9f3
 DIST nginx-1.14.2.tar.gz 1015384 BLAKE2B 0d41b078215ca3996f434cf3d43c99a52dd43f8b1b798a4566d3f9509fa35c74c139a3e0dca8b0350ee3eb1064dacc8e76bb2fc3ffc78873eec8fff80e53214d SHA512 d8362dbd86435657d6b13156bd6ad1b251d2ab10bc11cdda959b142dd6120b087e4b314f0025d9bbcc88529cb4b9407fb4df1cfae5d081b7ea1db51ccfc2dbe7
 DIST nginx-1.15.6.tar.gz 1025761 BLAKE2B 0d8a76a04f830e85d6022faaea6a27f6d80382bfbfa067f29c6d62e34f4d6a35c315a71727a1c12dd3cd804a4e84eccde8a1cbd42be95c06143817ebdde00951 SHA512 89c1b7df7ed0722a930a977edfb94a8278e51ebd7d5a0d0959ac09515374f976283e945c283b704447f7b57fd302bdbbea0d0d11c48aa282f2d53230eb3e63be
@@ -11,6 +12,7 @@ DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 BLAKE2B e4e987a85b2283ba540b4b894382e65
 DIST ngx_http_auth_pam-1.5.1.tar.gz 6863 BLAKE2B 00807cc3db8f6c007c968b8a30d7f6094b7d9db4eaa60d211fcb3ac60aeb28c5f8193578a7e1ca67acbbf57a319c8442fe44efc1e193927c3bce5961539f9c16 SHA512 973b94874d8a58c0df0ac2d31571eafc1e80b11179cba33ec88421a826207fbf7e99b0387e135a1ca48d82daacb78f19a4c21d3a27b49b16dc86b4748bb72261
 DIST ngx_http_cache_purge-2.3.tar.gz 12248 BLAKE2B f83b267f4c19a9d4af5964522695814c164d200ecd4108bf8f6b5c21388eba8af989bdda646dee18a03174211e8c090a04736bbeb44043cb0e19fbccdc66278e SHA512 50a31dbf2216a6fae74a186af56dec4600cf55777e76a10ac0075f609e7737135aab063a64f2590dddcd0369ebebd4a523027f3d9ebcca74f7b4355be1c5dcc0
 DIST ngx_http_dav_ext-0.1.0.tar.gz 6614 BLAKE2B 3951b573e80e8f02199680fb1ba23baa9ed0845002bf5c78fec291f3a2c01017bcf90f969e924d2e1e03db2aef364af6eaa19398478dfc22fc5bdd57508a9cbd SHA512 47b1686b483640a7fdcbf8081aae2e9f83fb0072ef0940b1cd7f8ddf4932317740b38f0dd4a8f3dd8da074c11c70038ac6758c0feafd3851331acdc85f3e0ee1
+DIST ngx_http_dav_ext-3.0.0.tar.gz 14558 BLAKE2B 0d370bfe34600d43a540dd19a386aa52ce135b2eae14e4e108a359d5ff3405939130d1c802062c7523057ec35d38322d3fbed8c13deb58ce7a08ebf9e3f106d4 SHA512 d0193ba90f1ef46c4e470630c4394bdf99d94fd2e3bd8be6cb2ba1655ec59944b1269025f032b79dc2c6dad366e54389ef6a6da2ddeb91d535a4027f2162fbde
 DIST ngx_http_echo-0.61.tar.gz 53155 BLAKE2B 72565b5d79598b5dcd1c10fa0f718e749894ca5f1232d5aae60c61e268b5904af35fdcd35afcf72de93852af9e0ca58805d77cbc37919fba9012158b5545baab SHA512 c90b81a4e85a8e9beeb5ff591dc91adb25fa4e0b6cb47086b577e5fa36db2368442dd011187675e358781956c364b949bc4d920ca2b534481b21c9987d2a9a3b
 DIST ngx_http_fancyindex-0.4.3.tar.gz 25274 BLAKE2B 5ce3102326f6b8cc2b333ed08f7a66476842d2c70089175e577a3ba958317ed702f24ece002506007eb45e9e50b8f6ecb137cde222566308986cba2682b70f7d SHA512 fe5f6afc29c99f66151c1a06e27b5749b0a16227638583d9c961adc94b2942b981184382f95e70d927f00b09b43f597b963a85a41bde5903b10e42f86bc321f1
 DIST ngx_http_geoip2_module-2.0.tar.gz 6766 BLAKE2B 338c9503530ebba6076a2222fe9d164fdfe39ac603c4ecc7ad5b5d1482c1e21d0f1bc52be585d6a88968b29edfd8b1b63ce572e9ee8d8efb4d88889ef4cbb65b SHA512 32a23ba20e4ef3885b09baf938ef57405a6f23e86a7dbecbe5285be74c0433fc33eee70742113706e66ee105909deb1ec844ce36a6f33108597f736341d8c230
@@ -28,3 +30,4 @@ DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4
 DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
 DIST njs-0.2.5.tar.gz 281821 BLAKE2B 58eaa778b3c6977344e9ca5076b06336d51640d032ca08d36b07ec3fe5eb95d5501bd2f90e2f4f73670fc5b733d4baf3655207c319029fa5529ab989c9f0b577 SHA512 d434ba6bafbe591cbf8a7c1c003d98e2e675e634c5756d7d110d1347d4c9b984ccd4acceeab9021260ef14f795c2e2384b97609bd4abce534106a6b7dfb85092
 DIST njs-0.2.6.tar.gz 284635 BLAKE2B 1735e5db87c031a841173507660aacaa6f3b4731e82d6ca47b0d9bd727c4bfdcc175741a67c70d83c231601236d419d16df1702e50a784a7aa574d926ed45be5 SHA512 a6991678a85641d4d733de2e64eaa32a2320bf60d0e4b9e9a991f70af061698d10a23f00b8d45d7ae6eb4c46d75a4f9fb4f1ed20291a2cda764b29b74d8c0455
+DIST njs-0.2.7.tar.gz 287458 BLAKE2B 7c8e1bc2bdf7bd9fb01c27cd734cfcd8184e73d98e49e0a9a4a57dd07b8c5bd84c06af76d9c87876ee963658efbf27a2795b0baf114bc80d22aa2e0f2019508b SHA512 4e148905c098cbb902743d71bfd78360a68eeff4477240faa3f05f33fc66d68964d90d010e8f406d1eb9b34e01a15dc23e5cef1b91207f0c4ca0371373d4d5c9

diff --git a/www-servers/nginx/nginx-1.15.8.ebuild b/www-servers/nginx/nginx-1.14.2-r2.ebuild
similarity index 99%
copy from www-servers/nginx/nginx-1.15.8.ebuild
copy to www-servers/nginx/nginx-1.14.2-r2.ebuild
index 6fbcd2eaad4..aecbc46ff6f 100644
--- a/www-servers/nginx/nginx-1.15.8.ebuild
+++ b/www-servers/nginx/nginx-1.14.2-r2.ebuild
@@ -101,7 +101,7 @@ RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODUL
 RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
 
 # nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
 HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
 HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
 HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
@@ -114,7 +114,7 @@ HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
 
 # mod_security for nginx (https://modsecurity.org/, Apache-2.0)
 # keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_PV="2.9.3"
 HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
 HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
 HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
@@ -156,7 +156,7 @@ GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOI
 GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
 
 # njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.6"
+NJS_MODULE_PV="0.2.7"
 NJS_MODULE_P="njs-${NJS_MODULE_PV}"
 NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
 NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
@@ -201,7 +201,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
 	nginx_modules_http_security? ( Apache-2.0 )
 	nginx_modules_http_push_stream? ( GPL-3 )"
 
-SLOT="mainline"
+SLOT="0"
 KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
 
 # Package doesn't provide a real test suite
@@ -313,7 +313,7 @@ CDEPEND="
 	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
 	nginx_modules_http_auth_pam? ( virtual/pam )
 	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
 	nginx_modules_http_security? (
 		dev-libs/apr:=
 		dev-libs/apr-util:=
@@ -326,7 +326,7 @@ CDEPEND="
 	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
 RDEPEND="${CDEPEND}
 	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
+	!www-servers/nginx:mainline"
 DEPEND="${CDEPEND}
 	nginx_modules_http_brotli? ( virtual/pkgconfig )
 	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
@@ -812,7 +812,7 @@ src_install() {
 
 	if use nginx_modules_http_security; then
 		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
 	fi
 
 	if use nginx_modules_http_push_stream; then

diff --git a/www-servers/nginx/nginx-1.15.8.ebuild b/www-servers/nginx/nginx-1.15.8-r1.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.15.8.ebuild
rename to www-servers/nginx/nginx-1.15.8-r1.ebuild
index 6fbcd2eaad4..7a4dcf18e15 100644
--- a/www-servers/nginx/nginx-1.15.8.ebuild
+++ b/www-servers/nginx/nginx-1.15.8-r1.ebuild
@@ -101,7 +101,7 @@ RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODUL
 RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
 
 # nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
 HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
 HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
 HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
@@ -114,7 +114,7 @@ HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
 
 # mod_security for nginx (https://modsecurity.org/, Apache-2.0)
 # keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_PV="2.9.3"
 HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
 HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
 HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
@@ -156,7 +156,7 @@ GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOI
 GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
 
 # njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.6"
+NJS_MODULE_PV="0.2.7"
 NJS_MODULE_P="njs-${NJS_MODULE_PV}"
 NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
 NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
@@ -313,7 +313,7 @@ CDEPEND="
 	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
 	nginx_modules_http_auth_pam? ( virtual/pam )
 	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
 	nginx_modules_http_security? (
 		dev-libs/apr:=
 		dev-libs/apr-util:=
@@ -812,7 +812,7 @@ src_install() {
 
 	if use nginx_modules_http_security; then
 		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
 	fi
 
 	if use nginx_modules_http_push_stream; then

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     1b638a3a7990f381a54414ecc5a6fd334b06a00c
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 26 19:01:50 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Feb 26 19:03:55 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1b638a3a

www-servers/nginx: rev bump to bump 3rd party modules

- nginScript module bumped to v0.2.9

- HTTP LUA module bumped to v0.10.14; The new module requires
  USE=luajit [Link 1]

Link 1: https://github.com/openresty/lua-nginx-module/commit/7286812116940216344ade33722c49ae47037605
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 www-servers/nginx/nginx-1.14.2-r3.ebuild | 1085 ++++++++++++++++++++++++++++++
 1 file changed, 1085 insertions(+)

diff --git a/www-servers/nginx/nginx-1.14.2-r3.ebuild b/www-servers/nginx/nginx-1.14.2-r3.ebuild
new file mode 100644
index 00000000000..146f0900861
--- /dev/null
+++ b/www-servers/nginx/nginx-1.14.2-r3.ebuild
@@ -0,0 +1,1085 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.14"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="2.0"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.2.8"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+	proxy referer rewrite scgi ssi split_clients upstream_hash
+	upstream_ip_hash upstream_keepalive upstream_least_conn
+	upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_auth_ldap
+	http_auth_pam
+	http_brotli
+	http_cache_purge
+	http_dav_ext
+	http_echo
+	http_fancyindex
+	http_geoip2
+	http_headers_more
+	http_javascript
+	http_lua
+	http_memc
+	http_metrics
+	http_mogilefs
+	http_naxsi
+	http_push_stream
+	http_security
+	http_slowfs_cache
+	http_sticky
+	http_upload_progress
+	http_upstream_check
+	http_vhost_traffic_status
+	stream_geoip2
+	stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_brotli? ( app-arch/brotli:= )
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( dev-lang/luajit:2= )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+	nginx_modules_stream_geoip? ( dev-libs/geoip )
+	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+	nginx_modules_http_brotli? ( virtual/pkgconfig )
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_grpc? ( http2 )
+	nginx_modules_http_lua? (
+		luajit
+		nginx_modules_http_rewrite
+	)
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_auth_pam; then
+		cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_brotli; then
+		cd "${HTTP_BROTLI_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+		export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_vhost_traffic_status; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+	fi
+
+	if use nginx_modules_http_brotli; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+		stream_enabled=1
+	fi
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	if [[ -n "${EXTRA_ECONF}" ]]; then
+		myconf+=( ${EXTRA_ECONF} )
+		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     6ef7a2b29362321b2e2c35b1d56e8921b75f5d4e
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 26 19:02:47 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Feb 26 19:03:56 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6ef7a2b2

www-servers/nginx: amd64 & x86 stable

Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 www-servers/nginx/nginx-1.14.2-r3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www-servers/nginx/nginx-1.14.2-r3.ebuild b/www-servers/nginx/nginx-1.14.2-r3.ebuild
index 146f0900861..c7c8f616f3a 100644
--- a/www-servers/nginx/nginx-1.14.2-r3.ebuild
+++ b/www-servers/nginx/nginx-1.14.2-r3.ebuild
@@ -202,7 +202,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
 	nginx_modules_http_push_stream? ( GPL-3 )"
 
 SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd ~amd64-linux ~x86-linux"
 
 # Package doesn't provide a real test suite
 RESTRICT="test"

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     8d3f825f4c0e8837f3f36bc8b974f2ce01726c1d
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 26 19:03:43 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Feb 26 19:03:57 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8d3f825f

www-servers/nginx: drop old

Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 www-servers/nginx/Manifest               |   10 -
 www-servers/nginx/nginx-1.14.1.ebuild    | 1081 -----------------------------
 www-servers/nginx/nginx-1.14.2-r1.ebuild | 1087 ------------------------------
 www-servers/nginx/nginx-1.14.2-r2.ebuild | 1087 ------------------------------
 www-servers/nginx/nginx-1.15.6.ebuild    | 1081 -----------------------------
 www-servers/nginx/nginx-1.15.7-r1.ebuild | 1087 ------------------------------
 www-servers/nginx/nginx-1.15.8-r1.ebuild | 1087 ------------------------------
 7 files changed, 6520 deletions(-)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index b7303ac6757..02b3cd98366 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,10 +1,5 @@
-DIST modsecurity-2.9.2.tar.gz 4298993 BLAKE2B 32a92148f0e1a1166cf888b8172fc55340c5712c9b770583703c74db450e77226629640c9db03f32e9f28397e6488669d06a89e4d31cb5ab5fff26b30ad843e0 SHA512 69c87ef6f7b6411f4803eb25af32969a1da59722121257c2edf345a3f5a4ab9ae8a49c886cbbfc722c5bda91c6d6ea55232f968c0a0407d7d7b3af53dc862c21
 DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
-DIST nginx-1.14.1.tar.gz 1014040 BLAKE2B ce69cc693599be2c36b8b5f9ce4174be72b9fdc01c0cdd237725815cd8dc68fc3d04f93c38eed78b8d144aa88e1e916b54cd95a948b6272fbb7c74e75613c1f8 SHA512 906c9f44462c0a6b3d9d968641038511012de2662d8490bdb863e540988c2fb15f5cf8a8172e65267dab525e5edf2e9945d7da42a0aa2de5ac81de33fadcd9f3
 DIST nginx-1.14.2.tar.gz 1015384 BLAKE2B 0d41b078215ca3996f434cf3d43c99a52dd43f8b1b798a4566d3f9509fa35c74c139a3e0dca8b0350ee3eb1064dacc8e76bb2fc3ffc78873eec8fff80e53214d SHA512 d8362dbd86435657d6b13156bd6ad1b251d2ab10bc11cdda959b142dd6120b087e4b314f0025d9bbcc88529cb4b9407fb4df1cfae5d081b7ea1db51ccfc2dbe7
-DIST nginx-1.15.6.tar.gz 1025761 BLAKE2B 0d8a76a04f830e85d6022faaea6a27f6d80382bfbfa067f29c6d62e34f4d6a35c315a71727a1c12dd3cd804a4e84eccde8a1cbd42be95c06143817ebdde00951 SHA512 89c1b7df7ed0722a930a977edfb94a8278e51ebd7d5a0d0959ac09515374f976283e945c283b704447f7b57fd302bdbbea0d0d11c48aa282f2d53230eb3e63be
-DIST nginx-1.15.7.tar.gz 1026732 BLAKE2B daa4ee39b63e67bcf84e673a3f69ae9c522534584ae5e9e93052f3468fe7a0167e20d855c3b09f6f0b9397b175468d8706bd9e764453c735209f503457b8a747 SHA512 93c5ae89bfabd4c984835517ec6ae739b660c7c28da253378ab602d518dffbd22ce73202fdba0e48fd4d231f7e44d040ff2808b80ada3a6a71936482d20cca18
-DIST nginx-1.15.8.tar.gz 1027862 BLAKE2B 6330a4fe4ccd4f1def7e086ac1028515323d011dab5609af6a12b548795da14a1fa6b6ab180eef1b1f4085fa5d52f60bda984dd1145e0d9152db14d0335b5304 SHA512 4509f0a0adf189bbdfa068adb120d0c26e594283b84c75f7df256b46e505aab5adda50b845abbbe07ab36f54c5ebefac4660fa315546856fb5114067e70394d3
 DIST nginx-1.15.9.tar.gz 1031760 BLAKE2B 899b86f16ee9ba3795085e8e901750c767dc8f040c36e372146dcef3995cf0168020179a3dfce6cfd6516e063105aa2d8fb59661f176920a718db394b0f174c7 SHA512 24dcd5b9bae966244663ff71a625ca90fbe1b29b5717e88aca96ac0c4772108a234647a8c7456154f34ef34d27ebffdce82ad30d2900f24ef5536af6080a6ba8
 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
@@ -12,13 +7,11 @@ DIST ngx_brotli-8104036af9cff4b1d34f22d00ba857e2a93a243c.tar.gz 12672 BLAKE2B fa
 DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 BLAKE2B e4e987a85b2283ba540b4b894382e65dac7fbca23e233b1031b38828908088370cdb1a9bded4d4ee1ceb1c2e1d506dc2b6f4ba5f6ee94248e863def5a1c8dd1a SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614
 DIST ngx_http_auth_pam-1.5.1.tar.gz 6863 BLAKE2B 00807cc3db8f6c007c968b8a30d7f6094b7d9db4eaa60d211fcb3ac60aeb28c5f8193578a7e1ca67acbbf57a319c8442fe44efc1e193927c3bce5961539f9c16 SHA512 973b94874d8a58c0df0ac2d31571eafc1e80b11179cba33ec88421a826207fbf7e99b0387e135a1ca48d82daacb78f19a4c21d3a27b49b16dc86b4748bb72261
 DIST ngx_http_cache_purge-2.3.tar.gz 12248 BLAKE2B f83b267f4c19a9d4af5964522695814c164d200ecd4108bf8f6b5c21388eba8af989bdda646dee18a03174211e8c090a04736bbeb44043cb0e19fbccdc66278e SHA512 50a31dbf2216a6fae74a186af56dec4600cf55777e76a10ac0075f609e7737135aab063a64f2590dddcd0369ebebd4a523027f3d9ebcca74f7b4355be1c5dcc0
-DIST ngx_http_dav_ext-0.1.0.tar.gz 6614 BLAKE2B 3951b573e80e8f02199680fb1ba23baa9ed0845002bf5c78fec291f3a2c01017bcf90f969e924d2e1e03db2aef364af6eaa19398478dfc22fc5bdd57508a9cbd SHA512 47b1686b483640a7fdcbf8081aae2e9f83fb0072ef0940b1cd7f8ddf4932317740b38f0dd4a8f3dd8da074c11c70038ac6758c0feafd3851331acdc85f3e0ee1
 DIST ngx_http_dav_ext-3.0.0.tar.gz 14558 BLAKE2B 0d370bfe34600d43a540dd19a386aa52ce135b2eae14e4e108a359d5ff3405939130d1c802062c7523057ec35d38322d3fbed8c13deb58ce7a08ebf9e3f106d4 SHA512 d0193ba90f1ef46c4e470630c4394bdf99d94fd2e3bd8be6cb2ba1655ec59944b1269025f032b79dc2c6dad366e54389ef6a6da2ddeb91d535a4027f2162fbde
 DIST ngx_http_echo-0.61.tar.gz 53155 BLAKE2B 72565b5d79598b5dcd1c10fa0f718e749894ca5f1232d5aae60c61e268b5904af35fdcd35afcf72de93852af9e0ca58805d77cbc37919fba9012158b5545baab SHA512 c90b81a4e85a8e9beeb5ff591dc91adb25fa4e0b6cb47086b577e5fa36db2368442dd011187675e358781956c364b949bc4d920ca2b534481b21c9987d2a9a3b
 DIST ngx_http_fancyindex-0.4.3.tar.gz 25274 BLAKE2B 5ce3102326f6b8cc2b333ed08f7a66476842d2c70089175e577a3ba958317ed702f24ece002506007eb45e9e50b8f6ecb137cde222566308986cba2682b70f7d SHA512 fe5f6afc29c99f66151c1a06e27b5749b0a16227638583d9c961adc94b2942b981184382f95e70d927f00b09b43f597b963a85a41bde5903b10e42f86bc321f1
 DIST ngx_http_geoip2_module-2.0.tar.gz 6766 BLAKE2B 338c9503530ebba6076a2222fe9d164fdfe39ac603c4ecc7ad5b5d1482c1e21d0f1bc52be585d6a88968b29edfd8b1b63ce572e9ee8d8efb4d88889ef4cbb65b SHA512 32a23ba20e4ef3885b09baf938ef57405a6f23e86a7dbecbe5285be74c0433fc33eee70742113706e66ee105909deb1ec844ce36a6f33108597f736341d8c230
 DIST ngx_http_headers_more-0.33.tar.gz 28130 BLAKE2B fe3097a7700ce5da087058f7bb44c95164b75137031187400473f6833bf0e33e5c4920807225a6ff94174fe7dbd6186cca176a33a629ca0911faab6804bdd12a SHA512 13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37
-DIST ngx_http_lua-0.10.13.tar.gz 624102 BLAKE2B 009506e4cd505a2e383e2c6344b62b541b3bbb28410d4ae2e88139227e22e19dd14372a902f172fadaf82a76c5875936caff4a8c98ff740456488e5ac6ff8c53 SHA512 8c316b9d12dc35779fcddc6bb90942c096f19fd8c2e090b8397e1e1ca6f0ebd7a4edddc03fddb31310147ba4e9db9fc4b3749cfd2323046d88045b3b3333f07d
 DIST ngx_http_lua-0.10.14.tar.gz 654097 BLAKE2B ee38aca7d981be5bfd7af52521c51d43bc7a8fed38c97cab29498535875380dd50407cce367e60ab3608baa2bc05556a1d92530a8b4542ce1ef0319e35f9457d SHA512 f2c4241ff52130cd116220e48a1032b9cbc8ff70f0ed0fbb918e18bb7681f0b1e07a2108b2ba5bc551a6557d87971ae4c8bda30e255acff1f7d72dd9232132ba
 DIST ngx_http_naxsi-0.56.tar.gz 192120 BLAKE2B cdbfc278f346ccdc0d5407d70ddd4740816d9fe786d3d65189d47e6f3b030c02352a30ed86bf1650139a21a8408e74c1ec7d7aa3512df1428870279ab384dd15 SHA512 4660751849bce303af6010b7257532404710106a94817e78d4bc4b566f8019620f24f30207f1d4366b88132a5124e34b164dc67ed80b6710f4bad66115564cbd
 DIST ngx_http_push_stream-0.5.4.tar.gz 183493 BLAKE2B ccae3113071cee38fa6a7accd580922dc2fc9fa22af737f400c2c5f59352d93ca6cceb47f2aee70dfc111afdf98d27aeb64ddc5a4dbf617359ea4da09486ac7f SHA512 467ae49409adb675979ff591f98df8c96d71ab5ebc2ef9b3c9430e38e7e84d311b4a98c2b1cb1886d895735223dd2a43370aab61b57b34adb1427c184e6b8c86
@@ -30,7 +23,4 @@ DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1
 DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
 DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
 DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
-DIST njs-0.2.5.tar.gz 281821 BLAKE2B 58eaa778b3c6977344e9ca5076b06336d51640d032ca08d36b07ec3fe5eb95d5501bd2f90e2f4f73670fc5b733d4baf3655207c319029fa5529ab989c9f0b577 SHA512 d434ba6bafbe591cbf8a7c1c003d98e2e675e634c5756d7d110d1347d4c9b984ccd4acceeab9021260ef14f795c2e2384b97609bd4abce534106a6b7dfb85092
-DIST njs-0.2.6.tar.gz 284635 BLAKE2B 1735e5db87c031a841173507660aacaa6f3b4731e82d6ca47b0d9bd727c4bfdcc175741a67c70d83c231601236d419d16df1702e50a784a7aa574d926ed45be5 SHA512 a6991678a85641d4d733de2e64eaa32a2320bf60d0e4b9e9a991f70af061698d10a23f00b8d45d7ae6eb4c46d75a4f9fb4f1ed20291a2cda764b29b74d8c0455
-DIST njs-0.2.7.tar.gz 287458 BLAKE2B 7c8e1bc2bdf7bd9fb01c27cd734cfcd8184e73d98e49e0a9a4a57dd07b8c5bd84c06af76d9c87876ee963658efbf27a2795b0baf114bc80d22aa2e0f2019508b SHA512 4e148905c098cbb902743d71bfd78360a68eeff4477240faa3f05f33fc66d68964d90d010e8f406d1eb9b34e01a15dc23e5cef1b91207f0c4ca0371373d4d5c9
 DIST njs-0.2.8.tar.gz 300750 BLAKE2B 180770c9e56bb7a9c2e3c33c5c4ca87ce56eb16fc1fca483c952ecf9885ae45734bdd7f794d0fc316fd6191d7a6a8c093fd49dc80985ab07b0880f3500aaa1be SHA512 f4ab5dc0b807df443c9edb01020eb78979d4747111e3a529a6303100b922f9acc9e281cde6d88a920c30b4780b2cd85ca2f5abd3518488b75f6ed1b12cf8d616

diff --git a/www-servers/nginx/nginx-1.14.1.ebuild b/www-servers/nginx/nginx-1.14.1.ebuild
deleted file mode 100644
index ba2b07dc015..00000000000
--- a/www-servers/nginx/nginx-1.14.1.ebuild
+++ /dev/null
@@ -1,1081 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.13"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="2.0"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.5"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
-	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
-	proxy referer rewrite scgi ssi split_clients upstream_hash
-	upstream_ip_hash upstream_keepalive upstream_least_conn
-	upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_auth_ldap
-	http_auth_pam
-	http_brotli
-	http_cache_purge
-	http_dav_ext
-	http_echo
-	http_fancyindex
-	http_geoip2
-	http_headers_more
-	http_javascript
-	http_lua
-	http_memc
-	http_metrics
-	http_mogilefs
-	http_naxsi
-	http_push_stream
-	http_security
-	http_slowfs_cache
-	http_sticky
-	http_upload_progress
-	http_upstream_check
-	http_vhost_traffic_status
-	stream_geoip2
-	stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_brotli? ( app-arch/brotli:= )
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
-	nginx_modules_stream_geoip? ( dev-libs/geoip )
-	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:mainline"
-DEPEND="${CDEPEND}
-	nginx_modules_http_brotli? ( virtual/pkgconfig )
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_grpc? ( http2 )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_brotli; then
-		cd "${HTTP_BROTLI_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_vhost_traffic_status; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
-		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
-		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
-	fi
-
-	if use nginx_modules_http_brotli; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
-		stream_enabled=1
-	fi
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	if [[ -n "${EXTRA_ECONF}" ]]; then
-		myconf+=( ${EXTRA_ECONF} )
-		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.14.2-r1.ebuild b/www-servers/nginx/nginx-1.14.2-r1.ebuild
deleted file mode 100644
index 08100e45578..00000000000
--- a/www-servers/nginx/nginx-1.14.2-r1.ebuild
+++ /dev/null
@@ -1,1087 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.13"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="2.0"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.6"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
-	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
-	proxy referer rewrite scgi ssi split_clients upstream_hash
-	upstream_ip_hash upstream_keepalive upstream_least_conn
-	upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_auth_ldap
-	http_auth_pam
-	http_brotli
-	http_cache_purge
-	http_dav_ext
-	http_echo
-	http_fancyindex
-	http_geoip2
-	http_headers_more
-	http_javascript
-	http_lua
-	http_memc
-	http_metrics
-	http_mogilefs
-	http_naxsi
-	http_push_stream
-	http_security
-	http_slowfs_cache
-	http_sticky
-	http_upload_progress
-	http_upstream_check
-	http_vhost_traffic_status
-	stream_geoip2
-	stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_brotli? ( app-arch/brotli:= )
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
-	nginx_modules_stream_geoip? ( dev-libs/geoip )
-	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:mainline"
-DEPEND="${CDEPEND}
-	nginx_modules_http_brotli? ( virtual/pkgconfig )
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_grpc? ( http2 )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_auth_pam; then
-		cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_brotli; then
-		cd "${HTTP_BROTLI_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_vhost_traffic_status; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
-		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
-		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
-	fi
-
-	if use nginx_modules_http_brotli; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
-		stream_enabled=1
-	fi
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	if [[ -n "${EXTRA_ECONF}" ]]; then
-		myconf+=( ${EXTRA_ECONF} )
-		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.14.2-r2.ebuild b/www-servers/nginx/nginx-1.14.2-r2.ebuild
deleted file mode 100644
index aecbc46ff6f..00000000000
--- a/www-servers/nginx/nginx-1.14.2-r2.ebuild
+++ /dev/null
@@ -1,1087 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.13"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="2.0"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.7"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
-	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
-	proxy referer rewrite scgi ssi split_clients upstream_hash
-	upstream_ip_hash upstream_keepalive upstream_least_conn
-	upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_auth_ldap
-	http_auth_pam
-	http_brotli
-	http_cache_purge
-	http_dav_ext
-	http_echo
-	http_fancyindex
-	http_geoip2
-	http_headers_more
-	http_javascript
-	http_lua
-	http_memc
-	http_metrics
-	http_mogilefs
-	http_naxsi
-	http_push_stream
-	http_security
-	http_slowfs_cache
-	http_sticky
-	http_upload_progress
-	http_upstream_check
-	http_vhost_traffic_status
-	stream_geoip2
-	stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_brotli? ( app-arch/brotli:= )
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
-	nginx_modules_stream_geoip? ( dev-libs/geoip )
-	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:mainline"
-DEPEND="${CDEPEND}
-	nginx_modules_http_brotli? ( virtual/pkgconfig )
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_grpc? ( http2 )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_auth_pam; then
-		cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_brotli; then
-		cd "${HTTP_BROTLI_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_vhost_traffic_status; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
-		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
-		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
-	fi
-
-	if use nginx_modules_http_brotli; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
-		stream_enabled=1
-	fi
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	if [[ -n "${EXTRA_ECONF}" ]]; then
-		myconf+=( ${EXTRA_ECONF} )
-		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.15.6.ebuild b/www-servers/nginx/nginx-1.15.6.ebuild
deleted file mode 100644
index 0c5b2a38c67..00000000000
--- a/www-servers/nginx/nginx-1.15.6.ebuild
+++ /dev/null
@@ -1,1081 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.13"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="2.0"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.5"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
-	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
-	proxy referer rewrite scgi ssi split_clients upstream_hash
-	upstream_ip_hash upstream_keepalive upstream_least_conn
-	upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_auth_ldap
-	http_auth_pam
-	http_brotli
-	http_cache_purge
-	http_dav_ext
-	http_echo
-	http_fancyindex
-	http_geoip2
-	http_headers_more
-	http_javascript
-	http_lua
-	http_memc
-	http_metrics
-	http_mogilefs
-	http_naxsi
-	http_push_stream
-	http_security
-	http_slowfs_cache
-	http_sticky
-	http_upload_progress
-	http_upstream_check
-	http_vhost_traffic_status
-	stream_geoip2
-	stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_brotli? ( app-arch/brotli:= )
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
-	nginx_modules_stream_geoip? ( dev-libs/geoip )
-	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	nginx_modules_http_brotli? ( virtual/pkgconfig )
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_grpc? ( http2 )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_brotli; then
-		cd "${HTTP_BROTLI_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_vhost_traffic_status; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
-		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
-		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
-	fi
-
-	if use nginx_modules_http_brotli; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
-		stream_enabled=1
-	fi
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	if [[ -n "${EXTRA_ECONF}" ]]; then
-		myconf+=( ${EXTRA_ECONF} )
-		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.15.7-r1.ebuild b/www-servers/nginx/nginx-1.15.7-r1.ebuild
deleted file mode 100644
index 6fbcd2eaad4..00000000000
--- a/www-servers/nginx/nginx-1.15.7-r1.ebuild
+++ /dev/null
@@ -1,1087 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.13"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="2.0"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.6"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
-	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
-	proxy referer rewrite scgi ssi split_clients upstream_hash
-	upstream_ip_hash upstream_keepalive upstream_least_conn
-	upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_auth_ldap
-	http_auth_pam
-	http_brotli
-	http_cache_purge
-	http_dav_ext
-	http_echo
-	http_fancyindex
-	http_geoip2
-	http_headers_more
-	http_javascript
-	http_lua
-	http_memc
-	http_metrics
-	http_mogilefs
-	http_naxsi
-	http_push_stream
-	http_security
-	http_slowfs_cache
-	http_sticky
-	http_upload_progress
-	http_upstream_check
-	http_vhost_traffic_status
-	stream_geoip2
-	stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_brotli? ( app-arch/brotli:= )
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
-	nginx_modules_stream_geoip? ( dev-libs/geoip )
-	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	nginx_modules_http_brotli? ( virtual/pkgconfig )
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_grpc? ( http2 )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_auth_pam; then
-		cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_brotli; then
-		cd "${HTTP_BROTLI_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_vhost_traffic_status; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
-		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
-		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
-	fi
-
-	if use nginx_modules_http_brotli; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
-		stream_enabled=1
-	fi
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	if [[ -n "${EXTRA_ECONF}" ]]; then
-		myconf+=( ${EXTRA_ECONF} )
-		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.15.8-r1.ebuild b/www-servers/nginx/nginx-1.15.8-r1.ebuild
deleted file mode 100644
index 7a4dcf18e15..00000000000
--- a/www-servers/nginx/nginx-1.15.8-r1.ebuild
+++ /dev/null
@@ -1,1087 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.13"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="2.0"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.7"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
-	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
-	proxy referer rewrite scgi ssi split_clients upstream_hash
-	upstream_ip_hash upstream_keepalive upstream_least_conn
-	upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_auth_ldap
-	http_auth_pam
-	http_brotli
-	http_cache_purge
-	http_dav_ext
-	http_echo
-	http_fancyindex
-	http_geoip2
-	http_headers_more
-	http_javascript
-	http_lua
-	http_memc
-	http_metrics
-	http_mogilefs
-	http_naxsi
-	http_push_stream
-	http_security
-	http_slowfs_cache
-	http_sticky
-	http_upload_progress
-	http_upstream_check
-	http_vhost_traffic_status
-	stream_geoip2
-	stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_brotli? ( app-arch/brotli:= )
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
-	nginx_modules_stream_geoip? ( dev-libs/geoip )
-	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	nginx_modules_http_brotli? ( virtual/pkgconfig )
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_grpc? ( http2 )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_auth_pam; then
-		cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_brotli; then
-		cd "${HTTP_BROTLI_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_vhost_traffic_status; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
-		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
-		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
-	fi
-
-	if use nginx_modules_http_brotli; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
-		stream_enabled=1
-	fi
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	if [[ -n "${EXTRA_ECONF}" ]]; then
-		myconf+=( ${EXTRA_ECONF} )
-		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     e915ed35a03e129e96a1e5b464226391b4bf968f
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 26 14:46:00 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Mar 26 14:46:11 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e915ed35

www-servers/nginx: bump to v1.15.10

- nginScript module bumped to v0.3.0

- GeoIP2 module bumped to v3.2

Closes: https://github.com/gentoo/gentoo/pull/11439
Closes: https://bugs.gentoo.org/681038
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 www-servers/nginx/Manifest             |    3 +
 www-servers/nginx/nginx-1.15.10.ebuild | 1085 ++++++++++++++++++++++++++++++++
 2 files changed, 1088 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 02b3cd98366..5f712acefbe 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,5 +1,6 @@
 DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
 DIST nginx-1.14.2.tar.gz 1015384 BLAKE2B 0d41b078215ca3996f434cf3d43c99a52dd43f8b1b798a4566d3f9509fa35c74c139a3e0dca8b0350ee3eb1064dacc8e76bb2fc3ffc78873eec8fff80e53214d SHA512 d8362dbd86435657d6b13156bd6ad1b251d2ab10bc11cdda959b142dd6120b087e4b314f0025d9bbcc88529cb4b9407fb4df1cfae5d081b7ea1db51ccfc2dbe7
+DIST nginx-1.15.10.tar.gz 1032228 BLAKE2B c25884161b2ff861a8cbbbd4b2d7c42298cfeadd54af63a73d5146bb3b666aadbd1335a1cfdd7e0bfc4caf67d4363bdce682c61d7ffb7c6b17f66678a7018007 SHA512 16be3b6a095c045543050ec07fef8170a123738892a077003f7fb0428af9a94e9fe560a20ed68606f34145f088b1b656fe72e72d9d65d51c052f06b89d5244ff
 DIST nginx-1.15.9.tar.gz 1031760 BLAKE2B 899b86f16ee9ba3795085e8e901750c767dc8f040c36e372146dcef3995cf0168020179a3dfce6cfd6516e063105aa2d8fb59661f176920a718db394b0f174c7 SHA512 24dcd5b9bae966244663ff71a625ca90fbe1b29b5717e88aca96ac0c4772108a234647a8c7456154f34ef34d27ebffdce82ad30d2900f24ef5536af6080a6ba8
 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
@@ -11,6 +12,7 @@ DIST ngx_http_dav_ext-3.0.0.tar.gz 14558 BLAKE2B 0d370bfe34600d43a540dd19a386aa5
 DIST ngx_http_echo-0.61.tar.gz 53155 BLAKE2B 72565b5d79598b5dcd1c10fa0f718e749894ca5f1232d5aae60c61e268b5904af35fdcd35afcf72de93852af9e0ca58805d77cbc37919fba9012158b5545baab SHA512 c90b81a4e85a8e9beeb5ff591dc91adb25fa4e0b6cb47086b577e5fa36db2368442dd011187675e358781956c364b949bc4d920ca2b534481b21c9987d2a9a3b
 DIST ngx_http_fancyindex-0.4.3.tar.gz 25274 BLAKE2B 5ce3102326f6b8cc2b333ed08f7a66476842d2c70089175e577a3ba958317ed702f24ece002506007eb45e9e50b8f6ecb137cde222566308986cba2682b70f7d SHA512 fe5f6afc29c99f66151c1a06e27b5749b0a16227638583d9c961adc94b2942b981184382f95e70d927f00b09b43f597b963a85a41bde5903b10e42f86bc321f1
 DIST ngx_http_geoip2_module-2.0.tar.gz 6766 BLAKE2B 338c9503530ebba6076a2222fe9d164fdfe39ac603c4ecc7ad5b5d1482c1e21d0f1bc52be585d6a88968b29edfd8b1b63ce572e9ee8d8efb4d88889ef4cbb65b SHA512 32a23ba20e4ef3885b09baf938ef57405a6f23e86a7dbecbe5285be74c0433fc33eee70742113706e66ee105909deb1ec844ce36a6f33108597f736341d8c230
+DIST ngx_http_geoip2_module-3.2.tar.gz 8465 BLAKE2B 93d1fb9573e9dbd932670a595d2c0341571eaa2e079ed98e85e282712dc0cdfb798d59ccc2ae7466dab23e093c2eec17d1694f2748d80683928ad135b70b0bfc SHA512 84b26955234e29dbfbf2431b652fcc453c5e86b95f837296df4f3d6c730e3e0773223dae890eebfc9b5763f46082bde6f38d6505b8bf78133b89e7297016cc5d
 DIST ngx_http_headers_more-0.33.tar.gz 28130 BLAKE2B fe3097a7700ce5da087058f7bb44c95164b75137031187400473f6833bf0e33e5c4920807225a6ff94174fe7dbd6186cca176a33a629ca0911faab6804bdd12a SHA512 13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37
 DIST ngx_http_lua-0.10.14.tar.gz 654097 BLAKE2B ee38aca7d981be5bfd7af52521c51d43bc7a8fed38c97cab29498535875380dd50407cce367e60ab3608baa2bc05556a1d92530a8b4542ce1ef0319e35f9457d SHA512 f2c4241ff52130cd116220e48a1032b9cbc8ff70f0ed0fbb918e18bb7681f0b1e07a2108b2ba5bc551a6557d87971ae4c8bda30e255acff1f7d72dd9232132ba
 DIST ngx_http_naxsi-0.56.tar.gz 192120 BLAKE2B cdbfc278f346ccdc0d5407d70ddd4740816d9fe786d3d65189d47e6f3b030c02352a30ed86bf1650139a21a8408e74c1ec7d7aa3512df1428870279ab384dd15 SHA512 4660751849bce303af6010b7257532404710106a94817e78d4bc4b566f8019620f24f30207f1d4366b88132a5124e34b164dc67ed80b6710f4bad66115564cbd
@@ -24,3 +26,4 @@ DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc
 DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
 DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
 DIST njs-0.2.8.tar.gz 300750 BLAKE2B 180770c9e56bb7a9c2e3c33c5c4ca87ce56eb16fc1fca483c952ecf9885ae45734bdd7f794d0fc316fd6191d7a6a8c093fd49dc80985ab07b0880f3500aaa1be SHA512 f4ab5dc0b807df443c9edb01020eb78979d4747111e3a529a6303100b922f9acc9e281cde6d88a920c30b4780b2cd85ca2f5abd3518488b75f6ed1b12cf8d616
+DIST njs-0.3.0.tar.gz 307613 BLAKE2B 3385fc9a102791bdca093d3e49869b64fbf29c1ee7c4fbabf26461e1e57dea5844afb94ecb427aab50682f57b18f732db0acaa4575df375295510c046ae09c75 SHA512 9dfbe3adb00f8b7181b13a3b6192326ab8979bc43106075faf271fcfc28fc2e90a3716a2fbcd44edde5c466f2be906e22ae763d948e141b052a28110c1eca13a

diff --git a/www-servers/nginx/nginx-1.15.10.ebuild b/www-servers/nginx/nginx-1.15.10.ebuild
new file mode 100644
index 00000000000..530a35c1e9e
--- /dev/null
+++ b/www-servers/nginx/nginx-1.15.10.ebuild
@@ -0,0 +1,1085 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.14"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.2"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.3.0"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+	proxy referer rewrite scgi ssi split_clients upstream_hash
+	upstream_ip_hash upstream_keepalive upstream_least_conn
+	upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_auth_ldap
+	http_auth_pam
+	http_brotli
+	http_cache_purge
+	http_dav_ext
+	http_echo
+	http_fancyindex
+	http_geoip2
+	http_headers_more
+	http_javascript
+	http_lua
+	http_memc
+	http_metrics
+	http_mogilefs
+	http_naxsi
+	http_push_stream
+	http_security
+	http_slowfs_cache
+	http_sticky
+	http_upload_progress
+	http_upstream_check
+	http_vhost_traffic_status
+	stream_geoip2
+	stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_brotli? ( app-arch/brotli:= )
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( dev-lang/luajit:2= )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+	nginx_modules_stream_geoip? ( dev-libs/geoip )
+	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	nginx_modules_http_brotli? ( virtual/pkgconfig )
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_grpc? ( http2 )
+	nginx_modules_http_lua? (
+		luajit
+		nginx_modules_http_rewrite
+	)
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_auth_pam; then
+		cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_brotli; then
+		cd "${HTTP_BROTLI_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+		export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_vhost_traffic_status; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+	fi
+
+	if use nginx_modules_http_brotli; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+		stream_enabled=1
+	fi
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	if [[ -n "${EXTRA_ECONF}" ]]; then
+		myconf+=( ${EXTRA_ECONF} )
+		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     8ba4103ce81eb35df012550409f681cbbae1c9d0
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Apr 13 03:46:33 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Apr 13 03:46:33 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8ba4103c

www-servers/nginx: bump to v1.15.11 mainline

Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 www-servers/nginx/Manifest             |    1 +
 www-servers/nginx/nginx-1.15.11.ebuild | 1089 ++++++++++++++++++++++++++++++++
 2 files changed, 1090 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 5f712acefbe..0d74a7ce8a0 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,7 @@
 DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
 DIST nginx-1.14.2.tar.gz 1015384 BLAKE2B 0d41b078215ca3996f434cf3d43c99a52dd43f8b1b798a4566d3f9509fa35c74c139a3e0dca8b0350ee3eb1064dacc8e76bb2fc3ffc78873eec8fff80e53214d SHA512 d8362dbd86435657d6b13156bd6ad1b251d2ab10bc11cdda959b142dd6120b087e4b314f0025d9bbcc88529cb4b9407fb4df1cfae5d081b7ea1db51ccfc2dbe7
 DIST nginx-1.15.10.tar.gz 1032228 BLAKE2B c25884161b2ff861a8cbbbd4b2d7c42298cfeadd54af63a73d5146bb3b666aadbd1335a1cfdd7e0bfc4caf67d4363bdce682c61d7ffb7c6b17f66678a7018007 SHA512 16be3b6a095c045543050ec07fef8170a123738892a077003f7fb0428af9a94e9fe560a20ed68606f34145f088b1b656fe72e72d9d65d51c052f06b89d5244ff
+DIST nginx-1.15.11.tar.gz 1032272 BLAKE2B 65c9e6410f3509cdff0927c490fef1b2c7d580f93f945ff344f3f760fbdaa5a9cda81841365c2b7918220dc6e75a1ed4f0a48884e6800ea73f0617e8e09c787c SHA512 d37e162acf6b19b94b34da8e9b34e1f1daeec12e64cedd03d2cc3973d9e5c5f3da4e58a9c0f3e6ff8a7c44cb75aba9dbf248939fb65a41c18883c614c34c4297
 DIST nginx-1.15.9.tar.gz 1031760 BLAKE2B 899b86f16ee9ba3795085e8e901750c767dc8f040c36e372146dcef3995cf0168020179a3dfce6cfd6516e063105aa2d8fb59661f176920a718db394b0f174c7 SHA512 24dcd5b9bae966244663ff71a625ca90fbe1b29b5717e88aca96ac0c4772108a234647a8c7456154f34ef34d27ebffdce82ad30d2900f24ef5536af6080a6ba8
 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529

diff --git a/www-servers/nginx/nginx-1.15.11.ebuild b/www-servers/nginx/nginx-1.15.11.ebuild
new file mode 100644
index 00000000000..fa8c6508592
--- /dev/null
+++ b/www-servers/nginx/nginx-1.15.11.ebuild
@@ -0,0 +1,1089 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.14"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.2"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.3.0"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+	proxy referer rewrite scgi ssi split_clients upstream_hash
+	upstream_ip_hash upstream_keepalive upstream_least_conn
+	upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_auth_ldap
+	http_auth_pam
+	http_brotli
+	http_cache_purge
+	http_dav_ext
+	http_echo
+	http_fancyindex
+	http_geoip2
+	http_headers_more
+	http_javascript
+	http_lua
+	http_memc
+	http_metrics
+	http_mogilefs
+	http_naxsi
+	http_push_stream
+	http_security
+	http_slowfs_cache
+	http_sticky
+	http_upload_progress
+	http_upstream_check
+	http_vhost_traffic_status
+	stream_geoip2
+	stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_brotli? ( app-arch/brotli:= )
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( dev-lang/luajit:2= )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+	nginx_modules_stream_geoip? ( dev-libs/geoip )
+	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	nginx_modules_http_brotli? ( virtual/pkgconfig )
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_grpc? ( http2 )
+	nginx_modules_http_lua? (
+		luajit
+		nginx_modules_http_rewrite
+	)
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_auth_pam; then
+		cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_brotli; then
+		cd "${HTTP_BROTLI_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+		export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_vhost_traffic_status; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+	fi
+
+	if use nginx_modules_http_brotli; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+		stream_enabled=1
+	fi
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	if [[ -n "${EXTRA_ECONF}" ]]; then
+		myconf+=( ${EXTRA_ECONF} )
+		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use luajit; then
+		pax-mark m "${ED%/}/usr/sbin/nginx"
+	fi
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     fca566ef8b92459424c1ce6d9157726773992ed3
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Apr 13 03:48:45 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Apr 13 03:48:45 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fca566ef

www-servers/nginx: add pax-mark for USE=pax-mark

Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 .../nginx/{nginx-1.14.2-r3.ebuild => nginx-1.14.2-r4.ebuild}        | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/www-servers/nginx/nginx-1.14.2-r3.ebuild b/www-servers/nginx/nginx-1.14.2-r4.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.14.2-r3.ebuild
rename to www-servers/nginx/nginx-1.14.2-r4.ebuild
index c7c8f616f3a..dde537f4fa2 100644
--- a/www-servers/nginx/nginx-1.14.2-r3.ebuild
+++ b/www-servers/nginx/nginx-1.14.2-r4.ebuild
@@ -165,7 +165,7 @@ NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
 SSL_DEPS_SKIP=1
 AUTOTOOLS_AUTO_DEPEND="no"
 
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
 
 DESCRIPTION="Robust, small and high performance http and reverse proxy server"
 HOMEPAGE="https://nginx.org"
@@ -751,6 +751,10 @@ src_install() {
 	insinto /etc/logrotate.d
 	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
 
+	if use luajit; then
+		pax-mark m "${ED%/}/usr/sbin/nginx"
+	fi
+
 	if use nginx_modules_http_perl; then
 		cd "${S}"/objs/src/http/modules/perl/ || die
 		emake DESTDIR="${D}" INSTALLDIRS=vendor

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     191ab59ed2c626408fcb7810f514064311d417f1
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 16 15:45:07 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Apr 16 15:50:19 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=191ab59e

www-servers/nginx: bump to v1.15.12 mainline

Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 www-servers/nginx/Manifest             |    1 +
 www-servers/nginx/nginx-1.15.12.ebuild | 1089 ++++++++++++++++++++++++++++++++
 2 files changed, 1090 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 0d74a7ce8a0..5f6dd8d7add 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,6 +2,7 @@ DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72cc
 DIST nginx-1.14.2.tar.gz 1015384 BLAKE2B 0d41b078215ca3996f434cf3d43c99a52dd43f8b1b798a4566d3f9509fa35c74c139a3e0dca8b0350ee3eb1064dacc8e76bb2fc3ffc78873eec8fff80e53214d SHA512 d8362dbd86435657d6b13156bd6ad1b251d2ab10bc11cdda959b142dd6120b087e4b314f0025d9bbcc88529cb4b9407fb4df1cfae5d081b7ea1db51ccfc2dbe7
 DIST nginx-1.15.10.tar.gz 1032228 BLAKE2B c25884161b2ff861a8cbbbd4b2d7c42298cfeadd54af63a73d5146bb3b666aadbd1335a1cfdd7e0bfc4caf67d4363bdce682c61d7ffb7c6b17f66678a7018007 SHA512 16be3b6a095c045543050ec07fef8170a123738892a077003f7fb0428af9a94e9fe560a20ed68606f34145f088b1b656fe72e72d9d65d51c052f06b89d5244ff
 DIST nginx-1.15.11.tar.gz 1032272 BLAKE2B 65c9e6410f3509cdff0927c490fef1b2c7d580f93f945ff344f3f760fbdaa5a9cda81841365c2b7918220dc6e75a1ed4f0a48884e6800ea73f0617e8e09c787c SHA512 d37e162acf6b19b94b34da8e9b34e1f1daeec12e64cedd03d2cc3973d9e5c5f3da4e58a9c0f3e6ff8a7c44cb75aba9dbf248939fb65a41c18883c614c34c4297
+DIST nginx-1.15.12.tar.gz 1032347 BLAKE2B 6dfd7fc0a17cd6e92c34e568db17368561f63c107654d76d3fcdf6979688e19a6f9396ddfc421c8fea6a6e0def717337e9b9b43eb8c5c8e3b2efc6bae8eaa3a9 SHA512 58961194c4fb94136b657c75c0d2ee3fe6515552a17d66e80d6cd53d342731229c0cbb897700631517275943fc2731179780a3c4b61b93b32a2cf6490ebf0f50
 DIST nginx-1.15.9.tar.gz 1031760 BLAKE2B 899b86f16ee9ba3795085e8e901750c767dc8f040c36e372146dcef3995cf0168020179a3dfce6cfd6516e063105aa2d8fb59661f176920a718db394b0f174c7 SHA512 24dcd5b9bae966244663ff71a625ca90fbe1b29b5717e88aca96ac0c4772108a234647a8c7456154f34ef34d27ebffdce82ad30d2900f24ef5536af6080a6ba8
 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529

diff --git a/www-servers/nginx/nginx-1.15.12.ebuild b/www-servers/nginx/nginx-1.15.12.ebuild
new file mode 100644
index 00000000000..fa8c6508592
--- /dev/null
+++ b/www-servers/nginx/nginx-1.15.12.ebuild
@@ -0,0 +1,1089 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.14"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.2"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.3.0"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+	proxy referer rewrite scgi ssi split_clients upstream_hash
+	upstream_ip_hash upstream_keepalive upstream_least_conn
+	upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_auth_ldap
+	http_auth_pam
+	http_brotli
+	http_cache_purge
+	http_dav_ext
+	http_echo
+	http_fancyindex
+	http_geoip2
+	http_headers_more
+	http_javascript
+	http_lua
+	http_memc
+	http_metrics
+	http_mogilefs
+	http_naxsi
+	http_push_stream
+	http_security
+	http_slowfs_cache
+	http_sticky
+	http_upload_progress
+	http_upstream_check
+	http_vhost_traffic_status
+	stream_geoip2
+	stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_brotli? ( app-arch/brotli:= )
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( dev-lang/luajit:2= )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+	nginx_modules_stream_geoip? ( dev-libs/geoip )
+	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	nginx_modules_http_brotli? ( virtual/pkgconfig )
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_grpc? ( http2 )
+	nginx_modules_http_lua? (
+		luajit
+		nginx_modules_http_rewrite
+	)
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_auth_pam; then
+		cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_brotli; then
+		cd "${HTTP_BROTLI_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+		export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_vhost_traffic_status; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+	fi
+
+	if use nginx_modules_http_brotli; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+		stream_enabled=1
+	fi
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	if [[ -n "${EXTRA_ECONF}" ]]; then
+		myconf+=( ${EXTRA_ECONF} )
+		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use luajit; then
+		pax-mark m "${ED%/}/usr/sbin/nginx"
+	fi
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     610dd2271b52aa8fef414e12d352ea7a9045ddd7
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 24 21:55:07 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Apr 24 22:01:56 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=610dd227

www-servers/nginx: rev bump

- nginScript module bumped to v0.3.1

Package-Manager: Portage-2.3.64, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 www-servers/nginx/Manifest                |    1 +
 www-servers/nginx/nginx-1.15.12-r1.ebuild | 1089 +++++++++++++++++++++++++++++
 2 files changed, 1090 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 5f6dd8d7add..c2767dbc5be 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -29,3 +29,4 @@ DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4
 DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
 DIST njs-0.2.8.tar.gz 300750 BLAKE2B 180770c9e56bb7a9c2e3c33c5c4ca87ce56eb16fc1fca483c952ecf9885ae45734bdd7f794d0fc316fd6191d7a6a8c093fd49dc80985ab07b0880f3500aaa1be SHA512 f4ab5dc0b807df443c9edb01020eb78979d4747111e3a529a6303100b922f9acc9e281cde6d88a920c30b4780b2cd85ca2f5abd3518488b75f6ed1b12cf8d616
 DIST njs-0.3.0.tar.gz 307613 BLAKE2B 3385fc9a102791bdca093d3e49869b64fbf29c1ee7c4fbabf26461e1e57dea5844afb94ecb427aab50682f57b18f732db0acaa4575df375295510c046ae09c75 SHA512 9dfbe3adb00f8b7181b13a3b6192326ab8979bc43106075faf271fcfc28fc2e90a3716a2fbcd44edde5c466f2be906e22ae763d948e141b052a28110c1eca13a
+DIST njs-0.3.1.tar.gz 314049 BLAKE2B d80b90fbf27699151b5717c483841dc2899dc347c8ba1cc61ce5e3efa99290337d35a230fe5097d037bbce401a71a59e261e0b307a2d41b50185a624beb6fd38 SHA512 b2f427366e66827068b1e3956f7b4b56271d4a7aec535bfa22fe56a2ef0dea5ce1c43c4d028affdf32b8397d19ca4d03d974fc6660bf244bbbd899e23f13637d

diff --git a/www-servers/nginx/nginx-1.15.12-r1.ebuild b/www-servers/nginx/nginx-1.15.12-r1.ebuild
new file mode 100644
index 00000000000..1ef25b42141
--- /dev/null
+++ b/www-servers/nginx/nginx-1.15.12-r1.ebuild
@@ -0,0 +1,1089 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.14"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.2"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.3.1"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+	proxy referer rewrite scgi ssi split_clients upstream_hash
+	upstream_ip_hash upstream_keepalive upstream_least_conn
+	upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_auth_ldap
+	http_auth_pam
+	http_brotli
+	http_cache_purge
+	http_dav_ext
+	http_echo
+	http_fancyindex
+	http_geoip2
+	http_headers_more
+	http_javascript
+	http_lua
+	http_memc
+	http_metrics
+	http_mogilefs
+	http_naxsi
+	http_push_stream
+	http_security
+	http_slowfs_cache
+	http_sticky
+	http_upload_progress
+	http_upstream_check
+	http_vhost_traffic_status
+	stream_geoip2
+	stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_brotli? ( app-arch/brotli:= )
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( dev-lang/luajit:2= )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+	nginx_modules_stream_geoip? ( dev-libs/geoip )
+	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	nginx_modules_http_brotli? ( virtual/pkgconfig )
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_grpc? ( http2 )
+	nginx_modules_http_lua? (
+		luajit
+		nginx_modules_http_rewrite
+	)
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_auth_pam; then
+		cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_brotli; then
+		cd "${HTTP_BROTLI_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+		export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_vhost_traffic_status; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+	fi
+
+	if use nginx_modules_http_brotli; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+		stream_enabled=1
+	fi
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	if [[ -n "${EXTRA_ECONF}" ]]; then
+		myconf+=( ${EXTRA_ECONF} )
+		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use luajit; then
+		pax-mark m "${ED%/}/usr/sbin/nginx"
+	fi
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     a1f423ebdfe119cd4cb938c089a0510aa7bfaa0e
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 24 21:57:32 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Apr 24 22:01:58 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a1f423eb

www-servers/nginx: bump to v1.16.0 stable

Package-Manager: Portage-2.3.64, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 www-servers/nginx/Manifest            |    1 +
 www-servers/nginx/nginx-1.16.0.ebuild | 1089 +++++++++++++++++++++++++++++++++
 2 files changed, 1090 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index c2767dbc5be..2b248105640 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -4,6 +4,7 @@ DIST nginx-1.15.10.tar.gz 1032228 BLAKE2B c25884161b2ff861a8cbbbd4b2d7c42298cfea
 DIST nginx-1.15.11.tar.gz 1032272 BLAKE2B 65c9e6410f3509cdff0927c490fef1b2c7d580f93f945ff344f3f760fbdaa5a9cda81841365c2b7918220dc6e75a1ed4f0a48884e6800ea73f0617e8e09c787c SHA512 d37e162acf6b19b94b34da8e9b34e1f1daeec12e64cedd03d2cc3973d9e5c5f3da4e58a9c0f3e6ff8a7c44cb75aba9dbf248939fb65a41c18883c614c34c4297
 DIST nginx-1.15.12.tar.gz 1032347 BLAKE2B 6dfd7fc0a17cd6e92c34e568db17368561f63c107654d76d3fcdf6979688e19a6f9396ddfc421c8fea6a6e0def717337e9b9b43eb8c5c8e3b2efc6bae8eaa3a9 SHA512 58961194c4fb94136b657c75c0d2ee3fe6515552a17d66e80d6cd53d342731229c0cbb897700631517275943fc2731179780a3c4b61b93b32a2cf6490ebf0f50
 DIST nginx-1.15.9.tar.gz 1031760 BLAKE2B 899b86f16ee9ba3795085e8e901750c767dc8f040c36e372146dcef3995cf0168020179a3dfce6cfd6516e063105aa2d8fb59661f176920a718db394b0f174c7 SHA512 24dcd5b9bae966244663ff71a625ca90fbe1b29b5717e88aca96ac0c4772108a234647a8c7456154f34ef34d27ebffdce82ad30d2900f24ef5536af6080a6ba8
+DIST nginx-1.16.0.tar.gz 1032345 BLAKE2B 187a07e7bde2dc6d7dd476372fa5e880a085f06bba321177428a4064e75bb1012950fdc31125344dab36b8c5d78c60d9f9ca963279cfa46741478c250221c199 SHA512 e99cfaa4538f209c096ea2f93c04b5019756617f3bcd3305c273e98ddc89fed5bf90d65fb9b493149bc47d55ff79e73850bfcac20505fab74930d0102075df3d
 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
 DIST ngx_brotli-8104036af9cff4b1d34f22d00ba857e2a93a243c.tar.gz 12672 BLAKE2B fa2febfa63b98303f8890c6774de6ccb09475ccd639d3b74493a4ffd97c90febdc22755c5928018bdac24a537bd13cde165f97e5d2b50bebf598c3fb22ec0206 SHA512 169566b8764bb2b82e029f954a99063a9c61e2cbf982861c5f6818b389a5f37bf5389afb1b5627de9bd3f7af7b3c404be0230f943d47ab621c2a2bd825cc8203

diff --git a/www-servers/nginx/nginx-1.16.0.ebuild b/www-servers/nginx/nginx-1.16.0.ebuild
new file mode 100644
index 00000000000..1b4b842834f
--- /dev/null
+++ b/www-servers/nginx/nginx-1.16.0.ebuild
@@ -0,0 +1,1089 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.14"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.2"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.3.1"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+	proxy referer rewrite scgi ssi split_clients upstream_hash
+	upstream_ip_hash upstream_keepalive upstream_least_conn
+	upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_auth_ldap
+	http_auth_pam
+	http_brotli
+	http_cache_purge
+	http_dav_ext
+	http_echo
+	http_fancyindex
+	http_geoip2
+	http_headers_more
+	http_javascript
+	http_lua
+	http_memc
+	http_metrics
+	http_mogilefs
+	http_naxsi
+	http_push_stream
+	http_security
+	http_slowfs_cache
+	http_sticky
+	http_upload_progress
+	http_upstream_check
+	http_vhost_traffic_status
+	stream_geoip2
+	stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_brotli? ( app-arch/brotli:= )
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( dev-lang/luajit:2= )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+	nginx_modules_stream_geoip? ( dev-libs/geoip )
+	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+	nginx_modules_http_brotli? ( virtual/pkgconfig )
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_grpc? ( http2 )
+	nginx_modules_http_lua? (
+		luajit
+		nginx_modules_http_rewrite
+	)
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_auth_pam; then
+		cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_brotli; then
+		cd "${HTTP_BROTLI_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+		export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_vhost_traffic_status; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+	fi
+
+	if use nginx_modules_http_brotli; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+		stream_enabled=1
+	fi
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	if [[ -n "${EXTRA_ECONF}" ]]; then
+		myconf+=( ${EXTRA_ECONF} )
+		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use luajit; then
+		pax-mark m "${ED%/}/usr/sbin/nginx"
+	fi
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     75619dc24683e634fa7c57aa84ae22e521d5c8fc
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 24 21:58:32 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Apr 24 22:01:59 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=75619dc2

www-servers/nginx: drop old

Package-Manager: Portage-2.3.64, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 www-servers/nginx/Manifest             |    4 -
 www-servers/nginx/nginx-1.15.10.ebuild | 1085 -------------------------------
 www-servers/nginx/nginx-1.15.11.ebuild | 1089 --------------------------------
 www-servers/nginx/nginx-1.15.12.ebuild | 1089 --------------------------------
 www-servers/nginx/nginx-1.15.9.ebuild  | 1085 -------------------------------
 5 files changed, 4352 deletions(-)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 2b248105640..67eb1b6ceb8 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,9 +1,6 @@
 DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
 DIST nginx-1.14.2.tar.gz 1015384 BLAKE2B 0d41b078215ca3996f434cf3d43c99a52dd43f8b1b798a4566d3f9509fa35c74c139a3e0dca8b0350ee3eb1064dacc8e76bb2fc3ffc78873eec8fff80e53214d SHA512 d8362dbd86435657d6b13156bd6ad1b251d2ab10bc11cdda959b142dd6120b087e4b314f0025d9bbcc88529cb4b9407fb4df1cfae5d081b7ea1db51ccfc2dbe7
-DIST nginx-1.15.10.tar.gz 1032228 BLAKE2B c25884161b2ff861a8cbbbd4b2d7c42298cfeadd54af63a73d5146bb3b666aadbd1335a1cfdd7e0bfc4caf67d4363bdce682c61d7ffb7c6b17f66678a7018007 SHA512 16be3b6a095c045543050ec07fef8170a123738892a077003f7fb0428af9a94e9fe560a20ed68606f34145f088b1b656fe72e72d9d65d51c052f06b89d5244ff
-DIST nginx-1.15.11.tar.gz 1032272 BLAKE2B 65c9e6410f3509cdff0927c490fef1b2c7d580f93f945ff344f3f760fbdaa5a9cda81841365c2b7918220dc6e75a1ed4f0a48884e6800ea73f0617e8e09c787c SHA512 d37e162acf6b19b94b34da8e9b34e1f1daeec12e64cedd03d2cc3973d9e5c5f3da4e58a9c0f3e6ff8a7c44cb75aba9dbf248939fb65a41c18883c614c34c4297
 DIST nginx-1.15.12.tar.gz 1032347 BLAKE2B 6dfd7fc0a17cd6e92c34e568db17368561f63c107654d76d3fcdf6979688e19a6f9396ddfc421c8fea6a6e0def717337e9b9b43eb8c5c8e3b2efc6bae8eaa3a9 SHA512 58961194c4fb94136b657c75c0d2ee3fe6515552a17d66e80d6cd53d342731229c0cbb897700631517275943fc2731179780a3c4b61b93b32a2cf6490ebf0f50
-DIST nginx-1.15.9.tar.gz 1031760 BLAKE2B 899b86f16ee9ba3795085e8e901750c767dc8f040c36e372146dcef3995cf0168020179a3dfce6cfd6516e063105aa2d8fb59661f176920a718db394b0f174c7 SHA512 24dcd5b9bae966244663ff71a625ca90fbe1b29b5717e88aca96ac0c4772108a234647a8c7456154f34ef34d27ebffdce82ad30d2900f24ef5536af6080a6ba8
 DIST nginx-1.16.0.tar.gz 1032345 BLAKE2B 187a07e7bde2dc6d7dd476372fa5e880a085f06bba321177428a4064e75bb1012950fdc31125344dab36b8c5d78c60d9f9ca963279cfa46741478c250221c199 SHA512 e99cfaa4538f209c096ea2f93c04b5019756617f3bcd3305c273e98ddc89fed5bf90d65fb9b493149bc47d55ff79e73850bfcac20505fab74930d0102075df3d
 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
@@ -29,5 +26,4 @@ DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc
 DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
 DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
 DIST njs-0.2.8.tar.gz 300750 BLAKE2B 180770c9e56bb7a9c2e3c33c5c4ca87ce56eb16fc1fca483c952ecf9885ae45734bdd7f794d0fc316fd6191d7a6a8c093fd49dc80985ab07b0880f3500aaa1be SHA512 f4ab5dc0b807df443c9edb01020eb78979d4747111e3a529a6303100b922f9acc9e281cde6d88a920c30b4780b2cd85ca2f5abd3518488b75f6ed1b12cf8d616
-DIST njs-0.3.0.tar.gz 307613 BLAKE2B 3385fc9a102791bdca093d3e49869b64fbf29c1ee7c4fbabf26461e1e57dea5844afb94ecb427aab50682f57b18f732db0acaa4575df375295510c046ae09c75 SHA512 9dfbe3adb00f8b7181b13a3b6192326ab8979bc43106075faf271fcfc28fc2e90a3716a2fbcd44edde5c466f2be906e22ae763d948e141b052a28110c1eca13a
 DIST njs-0.3.1.tar.gz 314049 BLAKE2B d80b90fbf27699151b5717c483841dc2899dc347c8ba1cc61ce5e3efa99290337d35a230fe5097d037bbce401a71a59e261e0b307a2d41b50185a624beb6fd38 SHA512 b2f427366e66827068b1e3956f7b4b56271d4a7aec535bfa22fe56a2ef0dea5ce1c43c4d028affdf32b8397d19ca4d03d974fc6660bf244bbbd899e23f13637d

diff --git a/www-servers/nginx/nginx-1.15.10.ebuild b/www-servers/nginx/nginx-1.15.10.ebuild
deleted file mode 100644
index 530a35c1e9e..00000000000
--- a/www-servers/nginx/nginx-1.15.10.ebuild
+++ /dev/null
@@ -1,1085 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.14"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.2"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.3.0"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
-	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
-	proxy referer rewrite scgi ssi split_clients upstream_hash
-	upstream_ip_hash upstream_keepalive upstream_least_conn
-	upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_auth_ldap
-	http_auth_pam
-	http_brotli
-	http_cache_purge
-	http_dav_ext
-	http_echo
-	http_fancyindex
-	http_geoip2
-	http_headers_more
-	http_javascript
-	http_lua
-	http_memc
-	http_metrics
-	http_mogilefs
-	http_naxsi
-	http_push_stream
-	http_security
-	http_slowfs_cache
-	http_sticky
-	http_upload_progress
-	http_upstream_check
-	http_vhost_traffic_status
-	stream_geoip2
-	stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_brotli? ( app-arch/brotli:= )
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( dev-lang/luajit:2= )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
-	nginx_modules_stream_geoip? ( dev-libs/geoip )
-	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	nginx_modules_http_brotli? ( virtual/pkgconfig )
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_grpc? ( http2 )
-	nginx_modules_http_lua? (
-		luajit
-		nginx_modules_http_rewrite
-	)
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_auth_pam; then
-		cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_brotli; then
-		cd "${HTTP_BROTLI_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-		export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_vhost_traffic_status; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
-		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
-		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
-	fi
-
-	if use nginx_modules_http_brotli; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
-		stream_enabled=1
-	fi
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	if [[ -n "${EXTRA_ECONF}" ]]; then
-		myconf+=( ${EXTRA_ECONF} )
-		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.15.11.ebuild b/www-servers/nginx/nginx-1.15.11.ebuild
deleted file mode 100644
index fa8c6508592..00000000000
--- a/www-servers/nginx/nginx-1.15.11.ebuild
+++ /dev/null
@@ -1,1089 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.14"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.2"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.3.0"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
-	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
-	proxy referer rewrite scgi ssi split_clients upstream_hash
-	upstream_ip_hash upstream_keepalive upstream_least_conn
-	upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_auth_ldap
-	http_auth_pam
-	http_brotli
-	http_cache_purge
-	http_dav_ext
-	http_echo
-	http_fancyindex
-	http_geoip2
-	http_headers_more
-	http_javascript
-	http_lua
-	http_memc
-	http_metrics
-	http_mogilefs
-	http_naxsi
-	http_push_stream
-	http_security
-	http_slowfs_cache
-	http_sticky
-	http_upload_progress
-	http_upstream_check
-	http_vhost_traffic_status
-	stream_geoip2
-	stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_brotli? ( app-arch/brotli:= )
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( dev-lang/luajit:2= )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
-	nginx_modules_stream_geoip? ( dev-libs/geoip )
-	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	nginx_modules_http_brotli? ( virtual/pkgconfig )
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_grpc? ( http2 )
-	nginx_modules_http_lua? (
-		luajit
-		nginx_modules_http_rewrite
-	)
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_auth_pam; then
-		cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_brotli; then
-		cd "${HTTP_BROTLI_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-		export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_vhost_traffic_status; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
-		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
-		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
-	fi
-
-	if use nginx_modules_http_brotli; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
-		stream_enabled=1
-	fi
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	if [[ -n "${EXTRA_ECONF}" ]]; then
-		myconf+=( ${EXTRA_ECONF} )
-		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use luajit; then
-		pax-mark m "${ED%/}/usr/sbin/nginx"
-	fi
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.15.12.ebuild b/www-servers/nginx/nginx-1.15.12.ebuild
deleted file mode 100644
index fa8c6508592..00000000000
--- a/www-servers/nginx/nginx-1.15.12.ebuild
+++ /dev/null
@@ -1,1089 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.14"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.2"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.3.0"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
-	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
-	proxy referer rewrite scgi ssi split_clients upstream_hash
-	upstream_ip_hash upstream_keepalive upstream_least_conn
-	upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_auth_ldap
-	http_auth_pam
-	http_brotli
-	http_cache_purge
-	http_dav_ext
-	http_echo
-	http_fancyindex
-	http_geoip2
-	http_headers_more
-	http_javascript
-	http_lua
-	http_memc
-	http_metrics
-	http_mogilefs
-	http_naxsi
-	http_push_stream
-	http_security
-	http_slowfs_cache
-	http_sticky
-	http_upload_progress
-	http_upstream_check
-	http_vhost_traffic_status
-	stream_geoip2
-	stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_brotli? ( app-arch/brotli:= )
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( dev-lang/luajit:2= )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
-	nginx_modules_stream_geoip? ( dev-libs/geoip )
-	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	nginx_modules_http_brotli? ( virtual/pkgconfig )
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_grpc? ( http2 )
-	nginx_modules_http_lua? (
-		luajit
-		nginx_modules_http_rewrite
-	)
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_auth_pam; then
-		cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_brotli; then
-		cd "${HTTP_BROTLI_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-		export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_vhost_traffic_status; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
-		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
-		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
-	fi
-
-	if use nginx_modules_http_brotli; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
-		stream_enabled=1
-	fi
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	if [[ -n "${EXTRA_ECONF}" ]]; then
-		myconf+=( ${EXTRA_ECONF} )
-		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use luajit; then
-		pax-mark m "${ED%/}/usr/sbin/nginx"
-	fi
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.15.9.ebuild b/www-servers/nginx/nginx-1.15.9.ebuild
deleted file mode 100644
index 0358257509e..00000000000
--- a/www-servers/nginx/nginx-1.15.9.ebuild
+++ /dev/null
@@ -1,1085 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.14"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="2.0"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.8"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
-	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
-	proxy referer rewrite scgi ssi split_clients upstream_hash
-	upstream_ip_hash upstream_keepalive upstream_least_conn
-	upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_auth_ldap
-	http_auth_pam
-	http_brotli
-	http_cache_purge
-	http_dav_ext
-	http_echo
-	http_fancyindex
-	http_geoip2
-	http_headers_more
-	http_javascript
-	http_lua
-	http_memc
-	http_metrics
-	http_mogilefs
-	http_naxsi
-	http_push_stream
-	http_security
-	http_slowfs_cache
-	http_sticky
-	http_upload_progress
-	http_upstream_check
-	http_vhost_traffic_status
-	stream_geoip2
-	stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_brotli? ( app-arch/brotli:= )
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( dev-lang/luajit:2= )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
-	nginx_modules_stream_geoip? ( dev-libs/geoip )
-	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	nginx_modules_http_brotli? ( virtual/pkgconfig )
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_grpc? ( http2 )
-	nginx_modules_http_lua? (
-		luajit
-		nginx_modules_http_rewrite
-	)
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_auth_pam; then
-		cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_brotli; then
-		cd "${HTTP_BROTLI_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-		export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_vhost_traffic_status; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
-		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
-		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
-	fi
-
-	if use nginx_modules_http_brotli; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
-		stream_enabled=1
-	fi
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	if [[ -n "${EXTRA_ECONF}" ]]; then
-		myconf+=( ${EXTRA_ECONF} )
-		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     795099eac16f7bfad6c836e6c514c3efca5b2425
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue May 21 15:07:41 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue May 21 15:11:55 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=795099ea

www-servers/nginx: bump to v1.17.0 mainline

- nginScript module bumped to v0.3.2

- HTTP LUA module bumped to v0.10.15

Bug: https://bugs.gentoo.org/686424
Package-Manager: Portage-2.3.66, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 www-servers/nginx/Manifest            |    3 +
 www-servers/nginx/nginx-1.17.0.ebuild | 1089 +++++++++++++++++++++++++++++++++
 2 files changed, 1092 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 67eb1b6ceb8..c49095dcccb 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,6 +2,7 @@ DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72cc
 DIST nginx-1.14.2.tar.gz 1015384 BLAKE2B 0d41b078215ca3996f434cf3d43c99a52dd43f8b1b798a4566d3f9509fa35c74c139a3e0dca8b0350ee3eb1064dacc8e76bb2fc3ffc78873eec8fff80e53214d SHA512 d8362dbd86435657d6b13156bd6ad1b251d2ab10bc11cdda959b142dd6120b087e4b314f0025d9bbcc88529cb4b9407fb4df1cfae5d081b7ea1db51ccfc2dbe7
 DIST nginx-1.15.12.tar.gz 1032347 BLAKE2B 6dfd7fc0a17cd6e92c34e568db17368561f63c107654d76d3fcdf6979688e19a6f9396ddfc421c8fea6a6e0def717337e9b9b43eb8c5c8e3b2efc6bae8eaa3a9 SHA512 58961194c4fb94136b657c75c0d2ee3fe6515552a17d66e80d6cd53d342731229c0cbb897700631517275943fc2731179780a3c4b61b93b32a2cf6490ebf0f50
 DIST nginx-1.16.0.tar.gz 1032345 BLAKE2B 187a07e7bde2dc6d7dd476372fa5e880a085f06bba321177428a4064e75bb1012950fdc31125344dab36b8c5d78c60d9f9ca963279cfa46741478c250221c199 SHA512 e99cfaa4538f209c096ea2f93c04b5019756617f3bcd3305c273e98ddc89fed5bf90d65fb9b493149bc47d55ff79e73850bfcac20505fab74930d0102075df3d
+DIST nginx-1.17.0.tar.gz 1032978 BLAKE2B 791e4d309ef1a62db2c135313edc85fe3fdb0c7b42b39a2a1f56059b1128199fcbcd4f24a1929ad3b4b57506f104afd5943229a8b6273d6e2ccb103fa0405476 SHA512 fcba692355c79169672c32796981bc178d42d9cf6880e8f03c99d5f518b7aca5c0414688e17b9c54f307214a64e766e1b022604e725aa4d40784f471d770f061
 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
 DIST ngx_brotli-8104036af9cff4b1d34f22d00ba857e2a93a243c.tar.gz 12672 BLAKE2B fa2febfa63b98303f8890c6774de6ccb09475ccd639d3b74493a4ffd97c90febdc22755c5928018bdac24a537bd13cde165f97e5d2b50bebf598c3fb22ec0206 SHA512 169566b8764bb2b82e029f954a99063a9c61e2cbf982861c5f6818b389a5f37bf5389afb1b5627de9bd3f7af7b3c404be0230f943d47ab621c2a2bd825cc8203
@@ -15,6 +16,7 @@ DIST ngx_http_geoip2_module-2.0.tar.gz 6766 BLAKE2B 338c9503530ebba6076a2222fe9d
 DIST ngx_http_geoip2_module-3.2.tar.gz 8465 BLAKE2B 93d1fb9573e9dbd932670a595d2c0341571eaa2e079ed98e85e282712dc0cdfb798d59ccc2ae7466dab23e093c2eec17d1694f2748d80683928ad135b70b0bfc SHA512 84b26955234e29dbfbf2431b652fcc453c5e86b95f837296df4f3d6c730e3e0773223dae890eebfc9b5763f46082bde6f38d6505b8bf78133b89e7297016cc5d
 DIST ngx_http_headers_more-0.33.tar.gz 28130 BLAKE2B fe3097a7700ce5da087058f7bb44c95164b75137031187400473f6833bf0e33e5c4920807225a6ff94174fe7dbd6186cca176a33a629ca0911faab6804bdd12a SHA512 13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37
 DIST ngx_http_lua-0.10.14.tar.gz 654097 BLAKE2B ee38aca7d981be5bfd7af52521c51d43bc7a8fed38c97cab29498535875380dd50407cce367e60ab3608baa2bc05556a1d92530a8b4542ce1ef0319e35f9457d SHA512 f2c4241ff52130cd116220e48a1032b9cbc8ff70f0ed0fbb918e18bb7681f0b1e07a2108b2ba5bc551a6557d87971ae4c8bda30e255acff1f7d72dd9232132ba
+DIST ngx_http_lua-0.10.15.tar.gz 655110 BLAKE2B 73bf8e2f157c93f3d4e54b5aa63deb266731a10e3e48b2257756efee8d752e86440ca9c27bd27bc1d90075a5ffb58772eecb7c445db44cd055d2b9e0b4bac082 SHA512 1feea538464275e6e571860592628ad639b2259c8aab7f38575b81c0b355f1ade32a91643267bc9ec16519e3bcf3d132511513dc8c949f74a3bff975c85d8ff7
 DIST ngx_http_naxsi-0.56.tar.gz 192120 BLAKE2B cdbfc278f346ccdc0d5407d70ddd4740816d9fe786d3d65189d47e6f3b030c02352a30ed86bf1650139a21a8408e74c1ec7d7aa3512df1428870279ab384dd15 SHA512 4660751849bce303af6010b7257532404710106a94817e78d4bc4b566f8019620f24f30207f1d4366b88132a5124e34b164dc67ed80b6710f4bad66115564cbd
 DIST ngx_http_push_stream-0.5.4.tar.gz 183493 BLAKE2B ccae3113071cee38fa6a7accd580922dc2fc9fa22af737f400c2c5f59352d93ca6cceb47f2aee70dfc111afdf98d27aeb64ddc5a4dbf617359ea4da09486ac7f SHA512 467ae49409adb675979ff591f98df8c96d71ab5ebc2ef9b3c9430e38e7e84d311b4a98c2b1cb1886d895735223dd2a43370aab61b57b34adb1427c184e6b8c86
 DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 BLAKE2B 54ec1bd0d1cc43cdaafc93ebd46b33374c57351c7f022eae0351d6961680abb03d896e7f058e67c43c4fee300253354feccb92d00e62bf91250e251e1860ec03 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d
@@ -27,3 +29,4 @@ DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4
 DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
 DIST njs-0.2.8.tar.gz 300750 BLAKE2B 180770c9e56bb7a9c2e3c33c5c4ca87ce56eb16fc1fca483c952ecf9885ae45734bdd7f794d0fc316fd6191d7a6a8c093fd49dc80985ab07b0880f3500aaa1be SHA512 f4ab5dc0b807df443c9edb01020eb78979d4747111e3a529a6303100b922f9acc9e281cde6d88a920c30b4780b2cd85ca2f5abd3518488b75f6ed1b12cf8d616
 DIST njs-0.3.1.tar.gz 314049 BLAKE2B d80b90fbf27699151b5717c483841dc2899dc347c8ba1cc61ce5e3efa99290337d35a230fe5097d037bbce401a71a59e261e0b307a2d41b50185a624beb6fd38 SHA512 b2f427366e66827068b1e3956f7b4b56271d4a7aec535bfa22fe56a2ef0dea5ce1c43c4d028affdf32b8397d19ca4d03d974fc6660bf244bbbd899e23f13637d
+DIST njs-0.3.2.tar.gz 325183 BLAKE2B 6c02d260bcb968480eb02a3dbee8464b2f7dd26a0ca4e4539ed2a4ce7bf494d32b815c742034b92132d5fef3e8eb12132d0ab214b1ffa450ce11273d70d96f57 SHA512 74abf48f2e23714fcce1b87b4dbe354a8a716b1cab825591878a6fd5175400a7f3b74c3968291ace19b2f6a2620df959d572fbcf1868dc4e0f44636e8ea35aaa

diff --git a/www-servers/nginx/nginx-1.17.0.ebuild b/www-servers/nginx/nginx-1.17.0.ebuild
new file mode 100644
index 00000000000..2985eb0886b
--- /dev/null
+++ b/www-servers/nginx/nginx-1.17.0.ebuild
@@ -0,0 +1,1089 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.2"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.3.2"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+	proxy referer rewrite scgi ssi split_clients upstream_hash
+	upstream_ip_hash upstream_keepalive upstream_least_conn
+	upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_auth_ldap
+	http_auth_pam
+	http_brotli
+	http_cache_purge
+	http_dav_ext
+	http_echo
+	http_fancyindex
+	http_geoip2
+	http_headers_more
+	http_javascript
+	http_lua
+	http_memc
+	http_metrics
+	http_mogilefs
+	http_naxsi
+	http_push_stream
+	http_security
+	http_slowfs_cache
+	http_sticky
+	http_upload_progress
+	http_upstream_check
+	http_vhost_traffic_status
+	stream_geoip2
+	stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_brotli? ( app-arch/brotli:= )
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( dev-lang/luajit:2= )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+	nginx_modules_stream_geoip? ( dev-libs/geoip )
+	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	nginx_modules_http_brotli? ( virtual/pkgconfig )
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_grpc? ( http2 )
+	nginx_modules_http_lua? (
+		luajit
+		nginx_modules_http_rewrite
+	)
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_auth_pam; then
+		cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_brotli; then
+		cd "${HTTP_BROTLI_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+		export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_vhost_traffic_status; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+	fi
+
+	if use nginx_modules_http_brotli; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+		stream_enabled=1
+	fi
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	if [[ -n "${EXTRA_ECONF}" ]]; then
+		myconf+=( ${EXTRA_ECONF} )
+		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use luajit; then
+		pax-mark m "${ED%/}/usr/sbin/nginx"
+	fi
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     39515d7bd653357aa676db7ecec780ee41082772
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue May 21 15:11:12 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue May 21 15:11:57 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=39515d7b

www-servers/nginx: amd64 & x86 stable

Bug: https://bugs.gentoo.org/686424
Package-Manager: Portage-2.3.66, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 www-servers/nginx/nginx-1.16.0-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www-servers/nginx/nginx-1.16.0-r1.ebuild b/www-servers/nginx/nginx-1.16.0-r1.ebuild
index 5ff5af84a7e..75a7cb6a7bb 100644
--- a/www-servers/nginx/nginx-1.16.0-r1.ebuild
+++ b/www-servers/nginx/nginx-1.16.0-r1.ebuild
@@ -202,7 +202,7 @@ LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
 	nginx_modules_http_push_stream? ( GPL-3 )"
 
 SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd ~amd64-linux ~x86-linux"
 
 # Package doesn't provide a real test suite
 RESTRICT="test"

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     6db7bd5b06933cb95f1c57f5c97d18ca3006d8ba
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue May 21 15:09:25 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue May 21 15:11:56 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6db7bd5b

www-servers/nginx: rev bump to bump 3rd party modules

- nginScript module bumped to v0.3.2

- HTTP LUA module bumped to v0.10.15

Bug: https://bugs.gentoo.org/686424
Package-Manager: Portage-2.3.66, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 www-servers/nginx/nginx-1.16.0-r1.ebuild | 1089 ++++++++++++++++++++++++++++++
 1 file changed, 1089 insertions(+)

diff --git a/www-servers/nginx/nginx-1.16.0-r1.ebuild b/www-servers/nginx/nginx-1.16.0-r1.ebuild
new file mode 100644
index 00000000000..5ff5af84a7e
--- /dev/null
+++ b/www-servers/nginx/nginx-1.16.0-r1.ebuild
@@ -0,0 +1,1089 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.2"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.3.2"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+	proxy referer rewrite scgi ssi split_clients upstream_hash
+	upstream_ip_hash upstream_keepalive upstream_least_conn
+	upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_auth_ldap
+	http_auth_pam
+	http_brotli
+	http_cache_purge
+	http_dav_ext
+	http_echo
+	http_fancyindex
+	http_geoip2
+	http_headers_more
+	http_javascript
+	http_lua
+	http_memc
+	http_metrics
+	http_mogilefs
+	http_naxsi
+	http_push_stream
+	http_security
+	http_slowfs_cache
+	http_sticky
+	http_upload_progress
+	http_upstream_check
+	http_vhost_traffic_status
+	stream_geoip2
+	stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_brotli? ( app-arch/brotli:= )
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( dev-lang/luajit:2= )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+	nginx_modules_stream_geoip? ( dev-libs/geoip )
+	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+	nginx_modules_http_brotli? ( virtual/pkgconfig )
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_grpc? ( http2 )
+	nginx_modules_http_lua? (
+		luajit
+		nginx_modules_http_rewrite
+	)
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_auth_pam; then
+		cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_brotli; then
+		cd "${HTTP_BROTLI_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+		export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_vhost_traffic_status; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+	fi
+
+	if use nginx_modules_http_brotli; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+		stream_enabled=1
+	fi
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	if [[ -n "${EXTRA_ECONF}" ]]; then
+		myconf+=( ${EXTRA_ECONF} )
+		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use luajit; then
+		pax-mark m "${ED%/}/usr/sbin/nginx"
+	fi
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     5fdf3186cecdd5096f4da7cf89951db6956561b9
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue May 21 15:11:46 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue May 21 15:11:58 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5fdf3186

www-servers/nginx: security cleanup

Bug: https://bugs.gentoo.org/686424
Package-Manager: Portage-2.3.66, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 www-servers/nginx/Manifest                |    6 -
 www-servers/nginx/nginx-1.14.2-r4.ebuild  | 1089 -----------------------------
 www-servers/nginx/nginx-1.15.12-r1.ebuild | 1089 -----------------------------
 www-servers/nginx/nginx-1.16.0.ebuild     | 1089 -----------------------------
 4 files changed, 3273 deletions(-)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index c49095dcccb..4b2d4b0b803 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,4 @@
 DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
-DIST nginx-1.14.2.tar.gz 1015384 BLAKE2B 0d41b078215ca3996f434cf3d43c99a52dd43f8b1b798a4566d3f9509fa35c74c139a3e0dca8b0350ee3eb1064dacc8e76bb2fc3ffc78873eec8fff80e53214d SHA512 d8362dbd86435657d6b13156bd6ad1b251d2ab10bc11cdda959b142dd6120b087e4b314f0025d9bbcc88529cb4b9407fb4df1cfae5d081b7ea1db51ccfc2dbe7
-DIST nginx-1.15.12.tar.gz 1032347 BLAKE2B 6dfd7fc0a17cd6e92c34e568db17368561f63c107654d76d3fcdf6979688e19a6f9396ddfc421c8fea6a6e0def717337e9b9b43eb8c5c8e3b2efc6bae8eaa3a9 SHA512 58961194c4fb94136b657c75c0d2ee3fe6515552a17d66e80d6cd53d342731229c0cbb897700631517275943fc2731179780a3c4b61b93b32a2cf6490ebf0f50
 DIST nginx-1.16.0.tar.gz 1032345 BLAKE2B 187a07e7bde2dc6d7dd476372fa5e880a085f06bba321177428a4064e75bb1012950fdc31125344dab36b8c5d78c60d9f9ca963279cfa46741478c250221c199 SHA512 e99cfaa4538f209c096ea2f93c04b5019756617f3bcd3305c273e98ddc89fed5bf90d65fb9b493149bc47d55ff79e73850bfcac20505fab74930d0102075df3d
 DIST nginx-1.17.0.tar.gz 1032978 BLAKE2B 791e4d309ef1a62db2c135313edc85fe3fdb0c7b42b39a2a1f56059b1128199fcbcd4f24a1929ad3b4b57506f104afd5943229a8b6273d6e2ccb103fa0405476 SHA512 fcba692355c79169672c32796981bc178d42d9cf6880e8f03c99d5f518b7aca5c0414688e17b9c54f307214a64e766e1b022604e725aa4d40784f471d770f061
 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
@@ -12,10 +10,8 @@ DIST ngx_http_cache_purge-2.3.tar.gz 12248 BLAKE2B f83b267f4c19a9d4af59645226958
 DIST ngx_http_dav_ext-3.0.0.tar.gz 14558 BLAKE2B 0d370bfe34600d43a540dd19a386aa52ce135b2eae14e4e108a359d5ff3405939130d1c802062c7523057ec35d38322d3fbed8c13deb58ce7a08ebf9e3f106d4 SHA512 d0193ba90f1ef46c4e470630c4394bdf99d94fd2e3bd8be6cb2ba1655ec59944b1269025f032b79dc2c6dad366e54389ef6a6da2ddeb91d535a4027f2162fbde
 DIST ngx_http_echo-0.61.tar.gz 53155 BLAKE2B 72565b5d79598b5dcd1c10fa0f718e749894ca5f1232d5aae60c61e268b5904af35fdcd35afcf72de93852af9e0ca58805d77cbc37919fba9012158b5545baab SHA512 c90b81a4e85a8e9beeb5ff591dc91adb25fa4e0b6cb47086b577e5fa36db2368442dd011187675e358781956c364b949bc4d920ca2b534481b21c9987d2a9a3b
 DIST ngx_http_fancyindex-0.4.3.tar.gz 25274 BLAKE2B 5ce3102326f6b8cc2b333ed08f7a66476842d2c70089175e577a3ba958317ed702f24ece002506007eb45e9e50b8f6ecb137cde222566308986cba2682b70f7d SHA512 fe5f6afc29c99f66151c1a06e27b5749b0a16227638583d9c961adc94b2942b981184382f95e70d927f00b09b43f597b963a85a41bde5903b10e42f86bc321f1
-DIST ngx_http_geoip2_module-2.0.tar.gz 6766 BLAKE2B 338c9503530ebba6076a2222fe9d164fdfe39ac603c4ecc7ad5b5d1482c1e21d0f1bc52be585d6a88968b29edfd8b1b63ce572e9ee8d8efb4d88889ef4cbb65b SHA512 32a23ba20e4ef3885b09baf938ef57405a6f23e86a7dbecbe5285be74c0433fc33eee70742113706e66ee105909deb1ec844ce36a6f33108597f736341d8c230
 DIST ngx_http_geoip2_module-3.2.tar.gz 8465 BLAKE2B 93d1fb9573e9dbd932670a595d2c0341571eaa2e079ed98e85e282712dc0cdfb798d59ccc2ae7466dab23e093c2eec17d1694f2748d80683928ad135b70b0bfc SHA512 84b26955234e29dbfbf2431b652fcc453c5e86b95f837296df4f3d6c730e3e0773223dae890eebfc9b5763f46082bde6f38d6505b8bf78133b89e7297016cc5d
 DIST ngx_http_headers_more-0.33.tar.gz 28130 BLAKE2B fe3097a7700ce5da087058f7bb44c95164b75137031187400473f6833bf0e33e5c4920807225a6ff94174fe7dbd6186cca176a33a629ca0911faab6804bdd12a SHA512 13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37
-DIST ngx_http_lua-0.10.14.tar.gz 654097 BLAKE2B ee38aca7d981be5bfd7af52521c51d43bc7a8fed38c97cab29498535875380dd50407cce367e60ab3608baa2bc05556a1d92530a8b4542ce1ef0319e35f9457d SHA512 f2c4241ff52130cd116220e48a1032b9cbc8ff70f0ed0fbb918e18bb7681f0b1e07a2108b2ba5bc551a6557d87971ae4c8bda30e255acff1f7d72dd9232132ba
 DIST ngx_http_lua-0.10.15.tar.gz 655110 BLAKE2B 73bf8e2f157c93f3d4e54b5aa63deb266731a10e3e48b2257756efee8d752e86440ca9c27bd27bc1d90075a5ffb58772eecb7c445db44cd055d2b9e0b4bac082 SHA512 1feea538464275e6e571860592628ad639b2259c8aab7f38575b81c0b355f1ade32a91643267bc9ec16519e3bcf3d132511513dc8c949f74a3bff975c85d8ff7
 DIST ngx_http_naxsi-0.56.tar.gz 192120 BLAKE2B cdbfc278f346ccdc0d5407d70ddd4740816d9fe786d3d65189d47e6f3b030c02352a30ed86bf1650139a21a8408e74c1ec7d7aa3512df1428870279ab384dd15 SHA512 4660751849bce303af6010b7257532404710106a94817e78d4bc4b566f8019620f24f30207f1d4366b88132a5124e34b164dc67ed80b6710f4bad66115564cbd
 DIST ngx_http_push_stream-0.5.4.tar.gz 183493 BLAKE2B ccae3113071cee38fa6a7accd580922dc2fc9fa22af737f400c2c5f59352d93ca6cceb47f2aee70dfc111afdf98d27aeb64ddc5a4dbf617359ea4da09486ac7f SHA512 467ae49409adb675979ff591f98df8c96d71ab5ebc2ef9b3c9430e38e7e84d311b4a98c2b1cb1886d895735223dd2a43370aab61b57b34adb1427c184e6b8c86
@@ -27,6 +23,4 @@ DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1
 DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
 DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
 DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
-DIST njs-0.2.8.tar.gz 300750 BLAKE2B 180770c9e56bb7a9c2e3c33c5c4ca87ce56eb16fc1fca483c952ecf9885ae45734bdd7f794d0fc316fd6191d7a6a8c093fd49dc80985ab07b0880f3500aaa1be SHA512 f4ab5dc0b807df443c9edb01020eb78979d4747111e3a529a6303100b922f9acc9e281cde6d88a920c30b4780b2cd85ca2f5abd3518488b75f6ed1b12cf8d616
-DIST njs-0.3.1.tar.gz 314049 BLAKE2B d80b90fbf27699151b5717c483841dc2899dc347c8ba1cc61ce5e3efa99290337d35a230fe5097d037bbce401a71a59e261e0b307a2d41b50185a624beb6fd38 SHA512 b2f427366e66827068b1e3956f7b4b56271d4a7aec535bfa22fe56a2ef0dea5ce1c43c4d028affdf32b8397d19ca4d03d974fc6660bf244bbbd899e23f13637d
 DIST njs-0.3.2.tar.gz 325183 BLAKE2B 6c02d260bcb968480eb02a3dbee8464b2f7dd26a0ca4e4539ed2a4ce7bf494d32b815c742034b92132d5fef3e8eb12132d0ab214b1ffa450ce11273d70d96f57 SHA512 74abf48f2e23714fcce1b87b4dbe354a8a716b1cab825591878a6fd5175400a7f3b74c3968291ace19b2f6a2620df959d572fbcf1868dc4e0f44636e8ea35aaa

diff --git a/www-servers/nginx/nginx-1.14.2-r4.ebuild b/www-servers/nginx/nginx-1.14.2-r4.ebuild
deleted file mode 100644
index dde537f4fa2..00000000000
--- a/www-servers/nginx/nginx-1.14.2-r4.ebuild
+++ /dev/null
@@ -1,1089 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.14"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="2.0"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.8"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
-	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
-	proxy referer rewrite scgi ssi split_clients upstream_hash
-	upstream_ip_hash upstream_keepalive upstream_least_conn
-	upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_auth_ldap
-	http_auth_pam
-	http_brotli
-	http_cache_purge
-	http_dav_ext
-	http_echo
-	http_fancyindex
-	http_geoip2
-	http_headers_more
-	http_javascript
-	http_lua
-	http_memc
-	http_metrics
-	http_mogilefs
-	http_naxsi
-	http_push_stream
-	http_security
-	http_slowfs_cache
-	http_sticky
-	http_upload_progress
-	http_upstream_check
-	http_vhost_traffic_status
-	stream_geoip2
-	stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_brotli? ( app-arch/brotli:= )
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( dev-lang/luajit:2= )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
-	nginx_modules_stream_geoip? ( dev-libs/geoip )
-	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:mainline"
-DEPEND="${CDEPEND}
-	nginx_modules_http_brotli? ( virtual/pkgconfig )
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_grpc? ( http2 )
-	nginx_modules_http_lua? (
-		luajit
-		nginx_modules_http_rewrite
-	)
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_auth_pam; then
-		cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_brotli; then
-		cd "${HTTP_BROTLI_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-		export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_vhost_traffic_status; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
-		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
-		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
-	fi
-
-	if use nginx_modules_http_brotli; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
-		stream_enabled=1
-	fi
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	if [[ -n "${EXTRA_ECONF}" ]]; then
-		myconf+=( ${EXTRA_ECONF} )
-		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use luajit; then
-		pax-mark m "${ED%/}/usr/sbin/nginx"
-	fi
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.15.12-r1.ebuild b/www-servers/nginx/nginx-1.15.12-r1.ebuild
deleted file mode 100644
index 1ef25b42141..00000000000
--- a/www-servers/nginx/nginx-1.15.12-r1.ebuild
+++ /dev/null
@@ -1,1089 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.14"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.2"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.3.1"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
-	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
-	proxy referer rewrite scgi ssi split_clients upstream_hash
-	upstream_ip_hash upstream_keepalive upstream_least_conn
-	upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_auth_ldap
-	http_auth_pam
-	http_brotli
-	http_cache_purge
-	http_dav_ext
-	http_echo
-	http_fancyindex
-	http_geoip2
-	http_headers_more
-	http_javascript
-	http_lua
-	http_memc
-	http_metrics
-	http_mogilefs
-	http_naxsi
-	http_push_stream
-	http_security
-	http_slowfs_cache
-	http_sticky
-	http_upload_progress
-	http_upstream_check
-	http_vhost_traffic_status
-	stream_geoip2
-	stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_brotli? ( app-arch/brotli:= )
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( dev-lang/luajit:2= )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
-	nginx_modules_stream_geoip? ( dev-libs/geoip )
-	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	nginx_modules_http_brotli? ( virtual/pkgconfig )
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_grpc? ( http2 )
-	nginx_modules_http_lua? (
-		luajit
-		nginx_modules_http_rewrite
-	)
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_auth_pam; then
-		cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_brotli; then
-		cd "${HTTP_BROTLI_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-		export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_vhost_traffic_status; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
-		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
-		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
-	fi
-
-	if use nginx_modules_http_brotli; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
-		stream_enabled=1
-	fi
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	if [[ -n "${EXTRA_ECONF}" ]]; then
-		myconf+=( ${EXTRA_ECONF} )
-		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use luajit; then
-		pax-mark m "${ED%/}/usr/sbin/nginx"
-	fi
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.16.0.ebuild b/www-servers/nginx/nginx-1.16.0.ebuild
deleted file mode 100644
index 1b4b842834f..00000000000
--- a/www-servers/nginx/nginx-1.16.0.ebuild
+++ /dev/null
@@ -1,1089 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.14"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="3.0.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.2"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.3.1"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
-	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
-	proxy referer rewrite scgi ssi split_clients upstream_hash
-	upstream_ip_hash upstream_keepalive upstream_least_conn
-	upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_auth_ldap
-	http_auth_pam
-	http_brotli
-	http_cache_purge
-	http_dav_ext
-	http_echo
-	http_fancyindex
-	http_geoip2
-	http_headers_more
-	http_javascript
-	http_lua
-	http_memc
-	http_metrics
-	http_mogilefs
-	http_naxsi
-	http_push_stream
-	http_security
-	http_slowfs_cache
-	http_sticky
-	http_upload_progress
-	http_upstream_check
-	http_vhost_traffic_status
-	stream_geoip2
-	stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_brotli? ( app-arch/brotli:= )
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( dev-lang/luajit:2= )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
-	nginx_modules_stream_geoip? ( dev-libs/geoip )
-	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:mainline"
-DEPEND="${CDEPEND}
-	nginx_modules_http_brotli? ( virtual/pkgconfig )
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_grpc? ( http2 )
-	nginx_modules_http_lua? (
-		luajit
-		nginx_modules_http_rewrite
-	)
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_auth_pam; then
-		cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_brotli; then
-		cd "${HTTP_BROTLI_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-		export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_vhost_traffic_status; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
-		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
-		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
-	fi
-
-	if use nginx_modules_http_brotli; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
-		stream_enabled=1
-	fi
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	if [[ -n "${EXTRA_ECONF}" ]]; then
-		myconf+=( ${EXTRA_ECONF} )
-		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use luajit; then
-		pax-mark m "${ED%/}/usr/sbin/nginx"
-	fi
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     b15e19a967e5b45884d922965a184a593d49edc8
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 25 13:20:40 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Jun 25 13:28:18 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b15e19a9

www-servers/nginx: bump to v1.17.1 mainline

- nginScript module bumped to v0.3.3

Package-Manager: Portage-2.3.67, Repoman-2.3.14
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 www-servers/nginx/Manifest            |    2 +
 www-servers/nginx/nginx-1.17.1.ebuild | 1089 +++++++++++++++++++++++++++++++++
 2 files changed, 1091 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 4b2d4b0b803..1990f65d43a 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,7 @@
 DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
 DIST nginx-1.16.0.tar.gz 1032345 BLAKE2B 187a07e7bde2dc6d7dd476372fa5e880a085f06bba321177428a4064e75bb1012950fdc31125344dab36b8c5d78c60d9f9ca963279cfa46741478c250221c199 SHA512 e99cfaa4538f209c096ea2f93c04b5019756617f3bcd3305c273e98ddc89fed5bf90d65fb9b493149bc47d55ff79e73850bfcac20505fab74930d0102075df3d
 DIST nginx-1.17.0.tar.gz 1032978 BLAKE2B 791e4d309ef1a62db2c135313edc85fe3fdb0c7b42b39a2a1f56059b1128199fcbcd4f24a1929ad3b4b57506f104afd5943229a8b6273d6e2ccb103fa0405476 SHA512 fcba692355c79169672c32796981bc178d42d9cf6880e8f03c99d5f518b7aca5c0414688e17b9c54f307214a64e766e1b022604e725aa4d40784f471d770f061
+DIST nginx-1.17.1.tar.gz 1033452 BLAKE2B ec6fb0637e6396cf8a2eae3cf5eeca8127674a9c2ad43ac18b4206c1280d34109761993fdcc96e3e766c5c3cc246740016c2de7a54caae4e9fb5577d6fe9ab50 SHA512 67ccd14f57316cc68c511efc9f3f3eb7181f3893f1261aba094ed169630089062aacf552e6dbe083dd6c7390e7943ee457c3edb688aae1daaea0e5ba93a5eac6
 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
 DIST ngx_brotli-8104036af9cff4b1d34f22d00ba857e2a93a243c.tar.gz 12672 BLAKE2B fa2febfa63b98303f8890c6774de6ccb09475ccd639d3b74493a4ffd97c90febdc22755c5928018bdac24a537bd13cde165f97e5d2b50bebf598c3fb22ec0206 SHA512 169566b8764bb2b82e029f954a99063a9c61e2cbf982861c5f6818b389a5f37bf5389afb1b5627de9bd3f7af7b3c404be0230f943d47ab621c2a2bd825cc8203
@@ -24,3 +25,4 @@ DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc
 DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
 DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
 DIST njs-0.3.2.tar.gz 325183 BLAKE2B 6c02d260bcb968480eb02a3dbee8464b2f7dd26a0ca4e4539ed2a4ce7bf494d32b815c742034b92132d5fef3e8eb12132d0ab214b1ffa450ce11273d70d96f57 SHA512 74abf48f2e23714fcce1b87b4dbe354a8a716b1cab825591878a6fd5175400a7f3b74c3968291ace19b2f6a2620df959d572fbcf1868dc4e0f44636e8ea35aaa
+DIST njs-0.3.3.tar.gz 333026 BLAKE2B 0ccf8978fefd2f70a615fc3f8bc583754c81201aea2ebae2d451c8cc379d510a7ed91d432c86d261656a20c444b3032b93d4fa7bff90f3dc6cbd023f2cf82228 SHA512 c84cb5aed0abfc54843249e18f21d193927d92213bdff2744d0a96d6fd3131c89284c7822f6d4d456ba809931b220d891939b4a1c6e0d07ddad67d9e4437ddf5

diff --git a/www-servers/nginx/nginx-1.17.1.ebuild b/www-servers/nginx/nginx-1.17.1.ebuild
new file mode 100644
index 00000000000..57e48d2bc60
--- /dev/null
+++ b/www-servers/nginx/nginx-1.17.1.ebuild
@@ -0,0 +1,1089 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.2"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.3.3"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+	proxy referer rewrite scgi ssi split_clients upstream_hash
+	upstream_ip_hash upstream_keepalive upstream_least_conn
+	upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_auth_ldap
+	http_auth_pam
+	http_brotli
+	http_cache_purge
+	http_dav_ext
+	http_echo
+	http_fancyindex
+	http_geoip2
+	http_headers_more
+	http_javascript
+	http_lua
+	http_memc
+	http_metrics
+	http_mogilefs
+	http_naxsi
+	http_push_stream
+	http_security
+	http_slowfs_cache
+	http_sticky
+	http_upload_progress
+	http_upstream_check
+	http_vhost_traffic_status
+	stream_geoip2
+	stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_brotli? ( app-arch/brotli:= )
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( dev-lang/luajit:2= )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+	nginx_modules_stream_geoip? ( dev-libs/geoip )
+	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	nginx_modules_http_brotli? ( virtual/pkgconfig )
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_grpc? ( http2 )
+	nginx_modules_http_lua? (
+		luajit
+		nginx_modules_http_rewrite
+	)
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_auth_pam; then
+		cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_brotli; then
+		cd "${HTTP_BROTLI_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+		export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_vhost_traffic_status; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+	fi
+
+	if use nginx_modules_http_brotli; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+		stream_enabled=1
+	fi
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	if [[ -n "${EXTRA_ECONF}" ]]; then
+		myconf+=( ${EXTRA_ECONF} )
+		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use luajit; then
+		pax-mark m "${ED%/}/usr/sbin/nginx"
+	fi
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     168f9e0515e1a13b96a61d5b7c3e430fe92b06b5
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Jul 23 20:51:51 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Jul 23 21:12:26 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=168f9e05

www-servers/nginx: bump to v1.17.2 mainline

Package-Manager: Portage-2.3.69, Repoman-2.3.16
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 www-servers/nginx/Manifest            |    1 +
 www-servers/nginx/nginx-1.17.2.ebuild | 1089 +++++++++++++++++++++++++++++++++
 2 files changed, 1090 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 1990f65d43a..f9d947d8bf7 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,6 +2,7 @@ DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72cc
 DIST nginx-1.16.0.tar.gz 1032345 BLAKE2B 187a07e7bde2dc6d7dd476372fa5e880a085f06bba321177428a4064e75bb1012950fdc31125344dab36b8c5d78c60d9f9ca963279cfa46741478c250221c199 SHA512 e99cfaa4538f209c096ea2f93c04b5019756617f3bcd3305c273e98ddc89fed5bf90d65fb9b493149bc47d55ff79e73850bfcac20505fab74930d0102075df3d
 DIST nginx-1.17.0.tar.gz 1032978 BLAKE2B 791e4d309ef1a62db2c135313edc85fe3fdb0c7b42b39a2a1f56059b1128199fcbcd4f24a1929ad3b4b57506f104afd5943229a8b6273d6e2ccb103fa0405476 SHA512 fcba692355c79169672c32796981bc178d42d9cf6880e8f03c99d5f518b7aca5c0414688e17b9c54f307214a64e766e1b022604e725aa4d40784f471d770f061
 DIST nginx-1.17.1.tar.gz 1033452 BLAKE2B ec6fb0637e6396cf8a2eae3cf5eeca8127674a9c2ad43ac18b4206c1280d34109761993fdcc96e3e766c5c3cc246740016c2de7a54caae4e9fb5577d6fe9ab50 SHA512 67ccd14f57316cc68c511efc9f3f3eb7181f3893f1261aba094ed169630089062aacf552e6dbe083dd6c7390e7943ee457c3edb688aae1daaea0e5ba93a5eac6
+DIST nginx-1.17.2.tar.gz 1034136 BLAKE2B 8d757ec5820b2ce625214a86490d49be1a9931199d615d55360c442598900dd8ce9176871c320ac90b5214d9a8e19cfa8c2c5e0eca0c02f850343e0e792f7645 SHA512 9bb48b7b271f30cfb4d35c86a57eae2a5aeece6be755c1f55b7d4cded73d1dbb8dc89087cac279144c8c25a2624e7fbd71cc55ada4aef932143e3a16c601452b
 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
 DIST ngx_brotli-8104036af9cff4b1d34f22d00ba857e2a93a243c.tar.gz 12672 BLAKE2B fa2febfa63b98303f8890c6774de6ccb09475ccd639d3b74493a4ffd97c90febdc22755c5928018bdac24a537bd13cde165f97e5d2b50bebf598c3fb22ec0206 SHA512 169566b8764bb2b82e029f954a99063a9c61e2cbf982861c5f6818b389a5f37bf5389afb1b5627de9bd3f7af7b3c404be0230f943d47ab621c2a2bd825cc8203

diff --git a/www-servers/nginx/nginx-1.17.2.ebuild b/www-servers/nginx/nginx-1.17.2.ebuild
new file mode 100644
index 00000000000..57e48d2bc60
--- /dev/null
+++ b/www-servers/nginx/nginx-1.17.2.ebuild
@@ -0,0 +1,1089 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.2"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.3.3"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+	proxy referer rewrite scgi ssi split_clients upstream_hash
+	upstream_ip_hash upstream_keepalive upstream_least_conn
+	upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_auth_ldap
+	http_auth_pam
+	http_brotli
+	http_cache_purge
+	http_dav_ext
+	http_echo
+	http_fancyindex
+	http_geoip2
+	http_headers_more
+	http_javascript
+	http_lua
+	http_memc
+	http_metrics
+	http_mogilefs
+	http_naxsi
+	http_push_stream
+	http_security
+	http_slowfs_cache
+	http_sticky
+	http_upload_progress
+	http_upstream_check
+	http_vhost_traffic_status
+	stream_geoip2
+	stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_brotli? ( app-arch/brotli:= )
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( dev-lang/luajit:2= )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+	nginx_modules_stream_geoip? ( dev-libs/geoip )
+	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	nginx_modules_http_brotli? ( virtual/pkgconfig )
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_grpc? ( http2 )
+	nginx_modules_http_lua? (
+		luajit
+		nginx_modules_http_rewrite
+	)
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_auth_pam; then
+		cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_brotli; then
+		cd "${HTTP_BROTLI_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+		export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_vhost_traffic_status; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+	fi
+
+	if use nginx_modules_http_brotli; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+		stream_enabled=1
+	fi
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	if [[ -n "${EXTRA_ECONF}" ]]; then
+		myconf+=( ${EXTRA_ECONF} )
+		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use luajit; then
+		pax-mark m "${ED%/}/usr/sbin/nginx"
+	fi
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/

[Thomas Deutschmann]

commit:     a80f81afa3fb1995ae109876afd4c7e815c8233a
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 13 18:46:32 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Aug 13 20:12:21 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a80f81af

www-servers/nginx: bump to v1.17.3 mainline

- ngx_devel_kit bumped to v0.3.1

- nginScript module bumped to v0.3.4

Package-Manager: Portage-2.3.71, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 www-servers/nginx/Manifest            |    3 +
 www-servers/nginx/nginx-1.17.3.ebuild | 1089 +++++++++++++++++++++++++++++++++
 2 files changed, 1092 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index f9d947d8bf7..0ca8213e853 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -3,10 +3,12 @@ DIST nginx-1.16.0.tar.gz 1032345 BLAKE2B 187a07e7bde2dc6d7dd476372fa5e880a085f06
 DIST nginx-1.17.0.tar.gz 1032978 BLAKE2B 791e4d309ef1a62db2c135313edc85fe3fdb0c7b42b39a2a1f56059b1128199fcbcd4f24a1929ad3b4b57506f104afd5943229a8b6273d6e2ccb103fa0405476 SHA512 fcba692355c79169672c32796981bc178d42d9cf6880e8f03c99d5f518b7aca5c0414688e17b9c54f307214a64e766e1b022604e725aa4d40784f471d770f061
 DIST nginx-1.17.1.tar.gz 1033452 BLAKE2B ec6fb0637e6396cf8a2eae3cf5eeca8127674a9c2ad43ac18b4206c1280d34109761993fdcc96e3e766c5c3cc246740016c2de7a54caae4e9fb5577d6fe9ab50 SHA512 67ccd14f57316cc68c511efc9f3f3eb7181f3893f1261aba094ed169630089062aacf552e6dbe083dd6c7390e7943ee457c3edb688aae1daaea0e5ba93a5eac6
 DIST nginx-1.17.2.tar.gz 1034136 BLAKE2B 8d757ec5820b2ce625214a86490d49be1a9931199d615d55360c442598900dd8ce9176871c320ac90b5214d9a8e19cfa8c2c5e0eca0c02f850343e0e792f7645 SHA512 9bb48b7b271f30cfb4d35c86a57eae2a5aeece6be755c1f55b7d4cded73d1dbb8dc89087cac279144c8c25a2624e7fbd71cc55ada4aef932143e3a16c601452b
+DIST nginx-1.17.3.tar.gz 1034586 BLAKE2B 48d1c34cf345794bc345bedb96a6a194f175695b93ee5114095742d67384e81fe87cc1ec10553566a33dbabc2a784158bc1461e2001d67dda71af4a1f540a88d SHA512 b81e75c4c8c03ca2f0b40b9c2a1812cf168cb2319d7246b9b0cce838ef7dba81f3cd57a213ec8d58e457a0fa6b912adff2e5597e5ada7258cfe27f55b05205e2
 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
 DIST ngx_brotli-8104036af9cff4b1d34f22d00ba857e2a93a243c.tar.gz 12672 BLAKE2B fa2febfa63b98303f8890c6774de6ccb09475ccd639d3b74493a4ffd97c90febdc22755c5928018bdac24a537bd13cde165f97e5d2b50bebf598c3fb22ec0206 SHA512 169566b8764bb2b82e029f954a99063a9c61e2cbf982861c5f6818b389a5f37bf5389afb1b5627de9bd3f7af7b3c404be0230f943d47ab621c2a2bd825cc8203
 DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 BLAKE2B e4e987a85b2283ba540b4b894382e65dac7fbca23e233b1031b38828908088370cdb1a9bded4d4ee1ceb1c2e1d506dc2b6f4ba5f6ee94248e863def5a1c8dd1a SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614
+DIST ngx_devel_kit-0.3.1.tar.gz 66542 BLAKE2B 8242d884464d99a131a48f599f9d0c2b546610f73f646e7eb0dcfdb98220810d949189cffa721360ddbe3b7b8adc8b678a848b9d1a56db6c62fd4439ecb63d24 SHA512 de1e3349d8dd08e5982279b2219dc8a8006739f0409b8e0f5c50d93434beff1fbafba43e9c5ac85a5fab90afc5c0a7244a340610339c36f82f2cba7233e72de9
 DIST ngx_http_auth_pam-1.5.1.tar.gz 6863 BLAKE2B 00807cc3db8f6c007c968b8a30d7f6094b7d9db4eaa60d211fcb3ac60aeb28c5f8193578a7e1ca67acbbf57a319c8442fe44efc1e193927c3bce5961539f9c16 SHA512 973b94874d8a58c0df0ac2d31571eafc1e80b11179cba33ec88421a826207fbf7e99b0387e135a1ca48d82daacb78f19a4c21d3a27b49b16dc86b4748bb72261
 DIST ngx_http_cache_purge-2.3.tar.gz 12248 BLAKE2B f83b267f4c19a9d4af5964522695814c164d200ecd4108bf8f6b5c21388eba8af989bdda646dee18a03174211e8c090a04736bbeb44043cb0e19fbccdc66278e SHA512 50a31dbf2216a6fae74a186af56dec4600cf55777e76a10ac0075f609e7737135aab063a64f2590dddcd0369ebebd4a523027f3d9ebcca74f7b4355be1c5dcc0
 DIST ngx_http_dav_ext-3.0.0.tar.gz 14558 BLAKE2B 0d370bfe34600d43a540dd19a386aa52ce135b2eae14e4e108a359d5ff3405939130d1c802062c7523057ec35d38322d3fbed8c13deb58ce7a08ebf9e3f106d4 SHA512 d0193ba90f1ef46c4e470630c4394bdf99d94fd2e3bd8be6cb2ba1655ec59944b1269025f032b79dc2c6dad366e54389ef6a6da2ddeb91d535a4027f2162fbde
@@ -27,3 +29,4 @@ DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4
 DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
 DIST njs-0.3.2.tar.gz 325183 BLAKE2B 6c02d260bcb968480eb02a3dbee8464b2f7dd26a0ca4e4539ed2a4ce7bf494d32b815c742034b92132d5fef3e8eb12132d0ab214b1ffa450ce11273d70d96f57 SHA512 74abf48f2e23714fcce1b87b4dbe354a8a716b1cab825591878a6fd5175400a7f3b74c3968291ace19b2f6a2620df959d572fbcf1868dc4e0f44636e8ea35aaa
 DIST njs-0.3.3.tar.gz 333026 BLAKE2B 0ccf8978fefd2f70a615fc3f8bc583754c81201aea2ebae2d451c8cc379d510a7ed91d432c86d261656a20c444b3032b93d4fa7bff90f3dc6cbd023f2cf82228 SHA512 c84cb5aed0abfc54843249e18f21d193927d92213bdff2744d0a96d6fd3131c89284c7822f6d4d456ba809931b220d891939b4a1c6e0d07ddad67d9e4437ddf5
+DIST njs-0.3.4.tar.gz 338783 BLAKE2B a68e0f85b9a2ac792ed33ccfb4d801b8f64272cd11e0174a9ed1f27a1dee609721fc8ff86f2844584a6aa583fda84a729baecf104e80e852776525d05b6f3c47 SHA512 bf0100d62c89a2594c95e803c06a375bcfcc65e337b0b0e43906abef6020070ec95a7eff24837b14c139f9a568b099847a7942a3f4012a3d9abaffdc12915385

diff --git a/www-servers/nginx/nginx-1.17.3.ebuild b/www-servers/nginx/nginx-1.17.3.ebuild
new file mode 100644
index 00000000000..62d74e6fb71
--- /dev/null
+++ b/www-servers/nginx/nginx-1.17.3.ebuild
@@ -0,0 +1,1089 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.3"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTT